Vigil@nce: Linux kernel, denial of service via cifs_lookup
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can mount a CIFS network share containing a special
file, in order to create a memory leak in the kernel.
– Severity: 1/4
– Creation date: 28/02/2012
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel contains a CIFS/SMB client, in order to mount
remote network shares.
On a Unix file system, there are several types of special files:
socket, fifo, etc.
The cifs_lookup() function of the fs/cifs/dir.c file obtains
information on a file located in a directory. However, if this
file is not a regular file, a memory area storing a dentry
(directory entry) is not freed.
An attacker can therefore mount a CIFS network share containing a
special file, in order to create a memory leak in the kernel.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-cifs-lookup-11397