Linux Kernel Flaw in CIFS CIFSSMBWrite() Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1024285 |
|
SecurityTracker URL: http://securitytracker.com/id/1024285
|
|
CVE Reference:
CVE-2010-2248
(Links to External Site)
|
Date: Aug 6 2010
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.6.34-rc4
|
Description:
A vulnerability was reported in the Linux Kernel. A remote user can cause denial of service conditions.
A remote server can send a specially crafted SMB packet in response to a connected client to trigger a flaw in the CIFSSMBWrite() function to trigger a kernel panic on the target system.
|
Impact:
A remote user can cause a kernel panic on the target system.
|
Solution:
The vendor has issued a fix (2.6.34-rc4).
The source code fix is available at:
http://git.kernel.org/linus/6513a81e9325d712f1bfb9a1d7b750134e49ff18
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 05 Aug 2010 22:51:16 +0000
Subject: Linux Kernel
|
* a flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker could
send a specially-crafted SMB response packet to a target CIFS client,
resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)
http://git.kernel.org/linus/6513a81e9325d712f1bfb9a1d7b750134e49ff18
|
|
