Bugzilla – Bug 718028
VUL-0: CVE-2011-3363: kernel: cifs: always do is_path_accessible check in cifs_mount
Last modified: 2013-12-09 10:11:35 UTC
Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. CVE-2011-3363 ------------------------------------------------------------------------------ Date: Wed, 14 Sep 2011 16:09:27 +0200 From: Petr Matousek <pmatouse@redhat.com> Subject: [oss-security] CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount "Currently, we skip doing the is_path_accessible check in cifs_mount if there is no prefixpath. There is a report of at least one server however that allows a TREE_CONNECT to a share that has a DFS referral at its root. UNC that had no prefixpath was used in that case, so the is_path_accessible check was not triggered and the box later hit a BUG() because we were chasing a DFS referral on the root dentry for the mount." Upstream fix: 70945643722ffeac779d2529a348f99567fa5c33 References: https://bugzilla.redhat.com/show_bug.cgi?id=682829 https://github.com/mirrors/linux/commit/70945643722ffeac779d2529a348f99567fa5c33 Thanks, -- Petr Matousek / Red Hat Security Response Team
Not needed for SLE11-SP2 as it is newer. Included via -stable in SLE11-SP1: patches/patches.kernel.org/patch-2.6.32.38-39 Included via -stable in SLE11-SP1-RT: patches/patches.kernel.org/patch-2.6.33.11-12: Patch pushed to openSUSE-11.3 and openSUSE-11.4. Patch pushed to SLES10_SP3 and SLES10_SP4. Not needed for SLERT10_SP3. Not needed for SLES9_SP4.
As fixes have been pushed marking it as RESOLVED.
Also pushed to SLES10-SP3-TD branch.
Please check whether 221d1d797202984cb874e3ed9f1388593d34ee22 is also needed.
(In reply to comment #4) > Please check whether 221d1d797202984cb874e3ed9f1388593d34ee22 is also needed. A quick look suggests that the fix is needed but it doesn't seem like a security issue, though?
right.
Pushed to 11.3, 11.4, SLES10_SP3, SLES10_SP4. Present already in SLE11-SP1 and SLE11-SP1-RT. Not required for other branches.
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 10-SP4 (ia64) SLE-SDK 10-SP4 (ia64) SLE-SERVER 10-SP4 (ia64)
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo Products: SLE-DEBUGINFO 10-SP4 (i386) SLE-DESKTOP 10-SP4 (i386) SLE-SDK 10-SP4 (i386) SLE-SERVER 10-SP4 (i386)
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms Products: SLE-DEBUGINFO 10-SP4 (s390x) SLE-SERVER 10-SP4 (s390x)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo Products: SLE-DEBUGINFO 10-SP4 (x86_64) SLE-DESKTOP 10-SP4 (x86_64) SLE-SDK 10-SP4 (x86_64) SLE-SERVER 10-SP4 (x86_64)
Update released for: kernel-default, kernel-default-debuginfo, kernel-iseries64, kernel-iseries64-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-ppc64, kernel-ppc64-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 10-SP4 (ppc) SLE-SDK 10-SP4 (ppc) SLE-SERVER 10-SP4 (ppc)
We have just released a SUSE Linux Enterprise 10 SP4 kernel update that mentions/fixes this bug. The released version is 2.6.16.60-0.91.1.
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-base-debuginfo, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-extra-debuginfo, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-vmi, kernel-vmi-base, kernel-vmi-base-debuginfo, kernel-vmi-debuginfo, kernel-vmi-debugsource, kernel-vmi-devel, kernel-vmi-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop Products: openSUSE 11.3 (debug, i586, x86_64)
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-devel, kernel-docs, kernel-ec2, kernel-ec2-base, kernel-ec2-base-debuginfo, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-extra-debuginfo, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-vmi, kernel-vmi-base, kernel-vmi-base-debuginfo, kernel-vmi-debuginfo, kernel-vmi-debugsource, kernel-vmi-devel, kernel-vmi-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop Products: openSUSE 11.4 (debug, i586, x86_64)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
The SWAMPID for this issue is 54954. This issue was rated as moderate. Please submit fixed packages until 2013-11-20. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms Products: SLE-DEBUGINFO 10-SP3 (s390x) SLE-SERVER 10-SP3-LTSS (s390x)
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo Products: SLE-DEBUGINFO 10-SP3 (i386) SLE-SERVER 10-SP3-LTSS (i386)