CVE-2011-3191

Priority
Description
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c
in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial
of service (memory corruption) or possibly have unspecified other impact
via a large length value in a response to a read request for a directory.
Ubuntu-Description
Darren Lavender discovered that the CIFS client incorrectly handled certain
large values. A remote attacker with a malicious server could exploit this
to crash the system or possibly execute arbitrary code as the root user.
Notes
apwpatch title is as below in CIFS tree, likely SHA1 added below:
cifs: fix possible memory corruption in CIFSFindNext
keesactual sha is below, old one from CIFS tree was
c32dfffaf59f73bbcf4472141b851a4dc5db2bf0
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.1~rc7)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
9438fabb73eb48055b58b89fc51e0bc4db22fabd
Package
Upstream:released (3.1~rc7)
Package
Upstream:released (3.1~rc7)
Package
Upstream:released (3.1~rc7)
Package
Upstream:released (3.1~rc7)
Package
Upstream:released (3.1~rc7)
Package
Upstream:released (3.1~rc7)
Package
Upstream:released (3.1~rc7)
More Information

Updated: 2020-01-29 19:42:13 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)