CVE-2011-1585 (retired)

Priority
Description
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel
before 2.6.36 does not properly determine the associations between users
and sessions, which allows local users to bypass CIFS share authentication
by leveraging a mount of a share by a different user.
Ubuntu-Description
It was discovered that CIFS incorrectly handled authentication. When a user
had a CIFS share mounted that required authentication, a local user could
mount the same share without knowing the correct password.
Package
Source: linux (LP Ubuntu Debian)
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.6.39-0.0)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2; Fixed by 4ff67b720c02c36e54d55b88c2931879b7db1cd2
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2; Fixed by fc87a40677bbe0937e2ff0642c7e83c9a4813f3d
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2; Fixed by 24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (3.2.0-1602.5)
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.6.36~rc3)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.6.38-1309.13)

Updated: 2019-03-26 11:56:17 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)