blob: 1614344b755568809b795b4a52dc5be15b8c826a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Description: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel
References:
https://patchwork.kernel.org/patch/10187633/
https://bugzilla.redhat.com/show_bug.cgi?id=1539599
http://www.openwall.com/lists/oss-security/2018/03/06/1
Notes:
carnil> Issue fixed upstream differently/unknownigly with the
carnil> referenced commit cabfb3680f78981d26c078a26e5c748531257ebb
carnil> Cf. https://patchwork.kernel.org/patch/10187633/ discussion.
bwh> Minimal fix for older versions:
bwh> https://patchwork.kernel.org/patch/10187633/
Bugs:
upstream: released (4.11-rc1) [cabfb3680f78981d26c078a26e5c748531257ebb]
4.9-upstream-stable: released (4.9.90) [df09b6f7b54adba78693997096d0bcb1bd80537c]
3.16-upstream-stable: released (3.16.57) [36a0db05310fbee38b59fed7e1306c1a095f8c8f]
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.11.6-1)
4.9-stretch-security: released (4.9.88-1) [bugfix/all/CIFS-Enable-encryption-during-session-setup-phase.patch]
3.16-jessie-security: released (3.16.56-1) [bugfix/all/CIFS-Enable-encryption-during-session-setup-phase.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
|
