Vigil@nce - Linux kernel: denial of service via SMB Reconnect
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can reconnect to an SMB share used by the Linux
kernel in order to trigger a denial of service.
Impacted products: Linux
Severity: 1/4
Creation date: 15/04/2013
DESCRIPTION OF THE VULNERABILITY
The Linux kernel implements a CIFS/SMB client.
When a user reconnects to a share, the socket pointer can be NULL.
However, the smb_send_kvec() and smb_send_rqst() functions of the
fs/cifs/transport.c file do not check whether the pointer is NULL
before dereferencing it.
An attacker can therefore reconnect to an SMB share used by the
Linux kernel in order to trigger a denial of service.
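The missing check described above, shown as a user-space C model added here (it is not kernel code and not part of the bulletin). The model_ structs and functions are hypothetical stand-ins, and the -ENOTSOCK return value is an assumption of this model. The request sender reads the socket pointer once, rejects NULL, and only then passes it to the code that dereferences it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User-space model constructed for illustration; not kernel code. */
struct model_socket { char buf[64]; size_t used; };     /* stand-in for a socket */
struct model_server { struct model_socket *ssocket; };  /* NULL during reconnect */

/* Reconnect drops the socket first; a sender can run before a new one is set. */
void model_reconnect_begin(struct model_server *srv) { srv->ssocket = NULL; }
void model_reconnect_done(struct model_server *srv, struct model_socket *s) { s->used = 0; srv->ssocket = s; }

/* Low-level send: dereferences sock, so the caller must have validated it. */
static int model_send_kvec(struct model_socket *sock, const char *data, size_t len)
{
    if (len > sizeof(sock->buf) - sock->used)
        return -EAGAIN;
    memcpy(sock->buf + sock->used, data, len);
    sock->used += len;
    return (int)len;
}

/* Request send: read the pointer once, check it, then use only that copy. */
int model_send_rqst(struct model_server *srv, const char *const *iov, size_t n)
{
    struct model_socket *sock = srv->ssocket;
    int total = 0;
    if (sock == NULL)
        return -ENOTSOCK;  /* assumed error code: fail instead of dereferencing NULL */
    for (size_t i = 0; i < n; i++) {
        int rc = model_send_kvec(sock, iov[i], strlen(iov[i]));
        if (rc < 0)
            return rc;
        total += rc;
    }
    return total;
}

int main(void)
{
    struct model_socket s = { {0}, 0 };
    struct model_server srv = { &s };
    const char *iov[] = { "SMB", "payload" };  /* constructed sample data */
    printf("connected:    %d\n", model_send_rqst(&srv, iov, 2));
    model_reconnect_begin(&srv);
    printf("reconnecting: %d\n", model_send_rqst(&srv, iov, 2));
    return 0;
}
```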
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-SMB-Reconnect-12675