CVE-2011-1585

Опубликовано: 02 авг. 2010

Источник: redhat

CVSS2: 3.3

EPSS Низкий

Описание

The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.

Отчет

This issue did not affect the versions of Linux kernel as shipped in Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not ship mount.cifs with root setuid set. However, as a preventive meaasure, we have addressed this in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise MRG 1	realtime-kernel	Affected
Red Hat Enterprise Linux 5	kernel	Fixed	RHSA-2011:1386	20.10.2011
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2011:1253	12.09.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=697394kernel: cifs session reuse

EPSS

Процентиль: 16%

0.00051

Низкий

3.3 Low

CVSS2

Связанные уязвимости

CVE-2011-1585

ubuntu

около 12 лет назад

CVE-2011-1585

nvd

около 12 лет назад

CVE-2011-1585

debian

около 12 лет назад

The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kerne ...

GHSA-x654-xc6m-hm65

github

около 3 лет назад

ELSA-2011-2037

oracle-oval

больше 13 лет назад

ELSA-2011-2037: Unbreakable Enterprise kernel security and bug fix update (MODERATE)

EPSS

Процентиль: 16%

0.00051

Низкий

3.3 Low

CVSS2