[security-alerts] FW: [SA27666] Linux Kernel CIFS "SendReceive()" Buffer Overflow

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
>
> TITLE:
> Linux Kernel CIFS "SendReceive()" Buffer Overflow
>
> SECUNIA ADVISORY ID:
> SA27666
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27666/
>
> CRITICAL:
> Less critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From local network
>
> OPERATING SYSTEM:
> Linux Kernel 2.6.x
> http://secunia.com/product/2719/
>
> DESCRIPTION:
> A vulnerability has been reported in the Linux Kernel, which can be
> exploited by malicious people to cause a DoS (Denial of Service) or
> potentially compromise a vulnerable system.
>
> The vulnerability is caused due to the "SendReceive()" function in
> fs/cifs/transport.c assuming wrong buffer sizes. This can be
> exploited to cause a buffer overflow by sending specially crafted
> responses to a vulnerable system.
>
> Successful exploitation may require that a malicious server is used
> to mount a CIFS share.
>
> The vulnerability is reported in version 2.6.23. Other versions may
> also be affected.
>
> SOLUTION:
> Fixed in the GIT repository.
> http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git
> ;a=commit;h=133672efbc1085f9af990bdc145e1822ea93bcf3
>
> PROVIDED AND/OR DISCOVERED BY:
> Przemyslaw Wegrzyn
>
> ORIGINAL ADVISORY:
> http://marc.info/?l=linux-kernel&m=119455843205403&w=2
>
> http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git
> ;a=commit;h=133672efbc1085f9af990bdc145e1822ea93bcf3
>