[PATCH 0/1][SRU][T] CVE-2018-1066 - CIFS denial of service
tyhicks at canonical.com
Mon Dec 10 23:01:50 UTC 2018
The Linux kernel before version 4.11 is vulnerable to a NULL pointer
dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an
attacker controlling a CIFS server to kernel panic a client that has this
server mounted, because an empty TargetInfo field in an NTLMSSP setup
negotiation response is mishandled during session recovery.
Clean cherry pick from linux-stable to Trusty. I tested the fix by modifying
the Samba server in a Bionic VM to trigger the crash in the Trusty kernel
(client machine) when the Samba server is restarted. I was able to verify that
the patched kernel allows the Trusty kernel to gracefully handle the server
restart by noticing that the server is sending bad info.
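As an added illustration of the failure mode described above (not the kernel's own code or the cherry-picked fix), here is a defensive walk over the NTLMSSP TargetInfo AV_PAIR list from a CHALLENGE message (MS-NLMP 2.2.2.1). A server may legitimately send TargetInfoLen of zero, so the parser treats a NULL or empty buffer as an error to be reported rather than a pointer to be followed. The sample blob and the helper names are constructed for this example.

```c
/* Added example: defensive NTLMSSP TargetInfo (AV_PAIR list) lookup.
 * Not the kernel's setup_ntlmv2_rsp(); it only shows the empty-buffer check. */
#include <stdint.h>
#include <stddef.h>

#define MSV_AV_EOL        0x0000  /* terminator pair: AvId 0, AvLen 0 */
#define MSV_AV_TIMESTAMP  0x0007  /* server timestamp, 8-byte FILETIME */

/* Constructed sample: one timestamp pair followed by the EOL pair. */
const uint8_t sample_target_info[] = {
    0x07, 0x00, 0x08, 0x00,                          /* AvId=7, AvLen=8 */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,  /* timestamp value */
    0x00, 0x00, 0x00, 0x00                           /* MsvAvEOL */
};

/* Return the byte offset of the value for AvId 'want' inside 'blob',
 * storing its length in *val_len when val_len is non-NULL.
 * Return -1 when the blob is empty, malformed, or lacks that AvId.
 * An empty TargetInfo (len == 0, blob possibly NULL) is the case that
 * must never be dereferenced: report it and let the caller fail the
 * session setup instead of panicking. */
int find_av_pair(const uint8_t *blob, size_t len, uint16_t want, size_t *val_len)
{
    size_t off = 0;

    if (blob == NULL || len < 4)          /* empty or too short for a header */
        return -1;

    while (off + 4 <= len) {
        /* AvId and AvLen are little-endian on the wire; read byte-wise so the
         * code does not depend on host endianness. */
        uint16_t id   = (uint16_t)(blob[off]     | (blob[off + 1] << 8));
        uint16_t alen = (uint16_t)(blob[off + 2] | (blob[off + 3] << 8));
        off += 4;

        if (id == MSV_AV_EOL)
            return -1;                    /* reached terminator, not found */
        if (alen > len - off)
            return -1;                    /* value runs past the buffer */
        if (id == want) {
            if (val_len)
                *val_len = alen;
            return (int)off;
        }
        off += alen;                      /* skip to the next pair */
    }
    return -1;                            /* no EOL pair: malformed */
}
```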