CVE-2011-1585
Publication date 6 October 2011
Last updated 24 July 2024
Ubuntu priority
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.
From the Ubuntu Security Team
It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 12.04 LTS precise |
Not affected
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Fixed 2.6.35-31.62
|
|
10.04 LTS lucid |
Fixed 2.6.32-34.73
|
|
8.04 LTS hardy |
Fixed 2.6.24-30.96
|
|
linux-armadaxp | 12.04 LTS precise |
Not affected
|
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release | |
linux-ec2 | 12.04 LTS precise | Not in release |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Fixed 2.6.32-318.37
|
|
8.04 LTS hardy | Not in release | |
linux-fsl-imx51 | 12.04 LTS precise | Not in release |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Fixed 2.6.31-612.30
|
|
8.04 LTS hardy | Not in release | |
linux-lts-backport-maverick | 12.04 LTS precise | Not in release |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Fixed 2.6.35-31.62~lucid1
|
|
8.04 LTS hardy | Not in release | |
linux-lts-backport-natty | 12.04 LTS precise | Not in release |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Fixed 2.6.38-1.27~lucid1
|
|
8.04 LTS hardy | Not in release | |
linux-lts-backport-oneiric | 12.04 LTS precise | Not in release |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Not in release | |
linux-mvl-dove | 12.04 LTS precise | Not in release |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick |
Fixed 2.6.32-418.35
|
|
10.04 LTS lucid |
Fixed 2.6.32-218.35
|
|
8.04 LTS hardy | Not in release | |
linux-ti-omap4 | 12.04 LTS precise |
Not affected
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Fixed 2.6.35-903.27
|
|
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Patch details
Package | Patch details |
---|---|
linux |
References
Related Ubuntu Security Notices (USN)
- USN-1272-1
- Linux kernel vulnerabilities
- 21 November 2011
- USN-1280-1
- Linux (OMAP4) vulnerabilities
- 24 November 2011
- USN-1268-1
- Linux kernel vulnerabilities
- 21 November 2011
- USN-1203-1
- Linux kernel (Marvel DOVE) vulnerabilities
- 13 September 2011
- USN-1278-1
- Linux (Maverick backport) vulnerabilities
- 24 November 2011
- USN-1218-1
- Linux kernel vulnerabilities
- 29 September 2011
- USN-1208-1
- Linux kernel (Marvel DOVE) vulnerabilities
- 14 September 2011
- USN-1256-1
- Linux kernel (Natty backport) vulnerabilities
- 9 November 2011
- USN-1216-1
- Linux kernel (EC2) vulnerabilities
- 26 September 2011
- USN-1271-1
- Linux kernel (FSL-IMX51) vulnerabilities
- 21 November 2011