CVE-2011-3363

Опубликовано: 07 мар. 2011

Источник: redhat

CVSS2: 4.6

EPSS Низкий

Описание

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

Отчет

This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Will not fix
Red Hat Enterprise Linux 5	kernel	Fixed	RHSA-2011:1479	29.11.2011
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2011:1465	22.11.2011
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2012:0010	10.01.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=738291kernel: cifs: always do is_path_accessible check in cifs_mount

EPSS

Процентиль: 46%

0.00229

Низкий

4.6 Medium

CVSS2

Связанные уязвимости

CVE-2011-3363

CVSS3: 6.5

ubuntu

около 13 лет назад

CVE-2011-3363

CVSS3: 6.5

nvd

около 13 лет назад

CVE-2011-3363

CVSS3: 6.5

debian

около 13 лет назад

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel be ...

GHSA-3mjr-5fr9-2r8m

CVSS3: 6.5

github

около 3 лет назад

ELSA-2011-1479

oracle-oval

больше 13 лет назад

ELSA-2011-1479: kernel security, bug fix, and enhancement update (IMPORTANT)

EPSS

Процентиль: 46%

0.00229

Низкий

4.6 Medium

CVSS2