CVE-2011-1585

Priority
Description
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel
before 2.6.36 does not properly determine the associations between users
and sessions, which allows local users to bypass CIFS share authentication
by leveraging a mount of a share by a different user.
Ubuntu-Description
It was discovered that CIFS incorrectly handled authentication. When a user
had a CIFS share mounted that required authentication, a local user could
mount the same share without knowing the correct password.
Notes
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2.6.39-0.0)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
4ff67b720c02c36e54d55b88c2931879b7db1cd2
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
fc87a40677bbe0937e2ff0642c7e83c9a4813f3d
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (3.2.0-1602.5)
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Upstream:released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2.6.38-1309.13)
More Information

Updated: 2020-03-18 22:06:06 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)