Actu
Vigil@nce: Linux kernel, memory corruption via CIFS
April 2009 by Vigil@nce
An attacker can setup a malicious CIFS server and invite the
victim to mount a share in order to execute code on his computer.
– Severity: 2/4
– Consequences: administrator access/rights, denial of service of
computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 21/04/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The fs/cifs directory of the Linux kernel source code implements a
CIFS/SMB client, used to mount a filesystem on a remote share.
This CIFS client is impacted by two vulnerabilities.
The cifs_readdir() function of the fs/cifs/readdir.c file reverses
two numbers during the computation of the memory area needed to
store data. A buffer overflow thus occurs. [grav:2/4]
The cifs_strncpy_to_host() function of the fs/cifs/cifssmb.c file
incorrectly computes the size of the memory area needed to store
data. A buffer overflow thus occurs. [grav:2/4]
An attacker can setup a malicious CIFS server and invite the
victim to mount a share in order to execute code on his computer.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8655
– Url: http://vigilance.fr/vulnerability/Linux-kernel-memory-corruption-via-CIFS-8655
