List:       oss-security
Subject:    Re: [oss-security] CVE Request: cifs session reuse
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-04-15 18:32:41
Message-ID: 358182854.11430.1302892361483.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2011-1585

Thanks.

-- 
    JB


----- Original Message -----
> Hi,
> 
> When one user has mounted a cifs share that requires authentication,
> another user could mount the same share without knowing the
> correct password. The following kernel commits fix that:
> 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fc87a40677bbe0937e2ff0642c7e83c9a4813f3d
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2
>  
> A way to exploit this would be through mount.cifs if it's
> installed setuid root.
> 
> cu
> Ludwig
> 
> --
> (o_ Ludwig Nussel
> //\
> V_/_ http://www.suse.de/
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
