APPLIED: [PATCH 0/1][SRU][T] CVE-2018-1066 - CIFS denial of service

Khaled Elmously khalid.elmously at canonical.com
Fri Dec 28 09:17:52 UTC 2018


On 2018-12-10 23:01:50 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1066.html
> 
>  The Linux kernel before version 4.11 is vulnerable to a NULL pointer
>  dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an
>  attacker controlling a CIFS server to kernel panic a client that has this
>  server mounted, because an empty TargetInfo field in an NTLMSSP setup
>  negotiation response is mishandled during session recovery.
> 
> Clean cherry pick from linux-stable to Trusty. I tested the fix by modifying[1]
> the Samba server in a Bionic VM to trigger the crash in the Trusty kernel
> (client machine) when the Samba server is restarted. I was able to verify that
> the patched kernel allows the Trusty kernel to gracefully handle the server
> restart by noticing that the server is sending bad info.
> 
> Tyler
> 
> [1] https://copr-dist-git.fedorainfracloud.org/cgit/alonid/samba-for-client-crash-repro/samba.git/tree/0001-Patch.patch?id=43229c84abe008bfc11aa86f5bacb03a1e54f88c
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
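The CVE text above describes a client that dereferences a NULL pointer when the server returns an empty TargetInfo during session recovery. The following is an added, stand-alone illustration (not the kernel's fs/cifs code and not Tyler's patch) of how a client-side walker over an NTLMSSP CHALLENGE TargetInfo blob should reject an empty or truncated blob instead of touching memory it does not have; `walk_target_info`, the `ti_status` values and the sample blob are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NTLMSSP AV_PAIR (TargetInfo) entry layout: 16-bit AvId, 16-bit AvLen, value. */
#define AV_EOL          0x0000   /* MsvAvEOL terminates the list */
#define AV_NB_DOMAIN    0x0002   /* MsvAvNbDomainName */
#define AV_PAIR_HDR_LEN 4

enum ti_status { TI_OK = 0, TI_EMPTY = -1, TI_TRUNCATED = -2, TI_NO_EOL = -3 };

/*
 * Count the AV_PAIRs that precede MsvAvEOL in a TargetInfo blob.
 * A NULL or zero-length blob (the empty-TargetInfo case behind CVE-2018-1066)
 * is rejected before anything is dereferenced; every header and value is
 * bounds-checked against tilen before it is read. Hypothetical helper.
 */
static enum ti_status walk_target_info(const uint8_t *tiblob, size_t tilen,
                                       size_t *npairs)
{
	size_t off = 0, n = 0;

	*npairs = 0;
	if (tiblob == NULL || tilen == 0)
		return TI_EMPTY;         /* server sent no TargetInfo: bail out */

	while (off + AV_PAIR_HDR_LEN <= tilen) {
		/* fields are little-endian on the wire */
		uint16_t id  = (uint16_t)(tiblob[off]     | (tiblob[off + 1] << 8));
		uint16_t len = (uint16_t)(tiblob[off + 2] | (tiblob[off + 3] << 8));
		off += AV_PAIR_HDR_LEN;
		if (id == AV_EOL) {
			*npairs = n;
			return TI_OK;
		}
		if (len > tilen - off)
			return TI_TRUNCATED;  /* value would run past the blob */
		off += len;
		n++;
	}
	return TI_NO_EOL;            /* bytes ran out before MsvAvEOL */
}

/* Constructed sample: one MsvAvNbDomainName pair ("AB" in UTF-16LE), then EOL. */
static const uint8_t sample_ti[] = { 0x02,0x00, 0x04,0x00, 'A',0, 'B',0,
                                     0x00,0x00, 0x00,0x00 };

int main(void)
{
	size_t n;
	printf("sample: status=%d pairs=%zu\n",
	       walk_target_info(sample_ti, sizeof sample_ti, &n), n);
	printf("empty blob: status=%d\n", walk_target_info(NULL, 0, &n));
	return 0;
}
```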
