Vigil@nce - Linux kernel: reuse of CIFS session
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can reuse the CIFS session of another user, in
order to access that user's data.
Severity: 2/4
Creation date: 15/04/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The kernel implements a CIFS client to access resources shared
with CIFS/SMB.
The cifs_find_smb_ses() function of the fs/cifs/connect.c file
returns information about the user of the CIFS client (who mounted
a network share). However, if a local attacker uses an empty
password, this function returns the parameters of the first user.
A local attacker can therefore reuse the CIFS session of another
user, in order to access that user's data.
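The following is an added example, a simplified model of the session-lookup flaw class described above and of a stricter lookup; it is not the kernel's code from fs/cifs/connect.c. The struct, the names find_ses_weak and find_ses_strict, the sample credentials, and the assumption that the weak lookup matches on the username alone are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a cached client session; not the kernel's struct. */
struct session {
    const char *username;
    const char *password;
    int owner_uid;              /* local user who mounted the share */
};

/* Constructed sample cache: one share mounted by local uid 1000. */
static const struct session cache[] = {
    { "alice", "correct horse", 1000 },
};
#define NSESS (sizeof(cache) / sizeof(cache[0]))

/* Weak lookup (assumed mechanism): matches on username only, so the
 * password supplied by the caller, empty or not, is never examined. */
const struct session *find_ses_weak(const char *user, const char *pass)
{
    (void)pass;
    for (size_t i = 0; i < NSESS; i++)
        if (strcmp(cache[i].username, user) == 0)
            return &cache[i];
    return NULL;
}

/* Hardened lookup: reuse a session only when the full credential
 * matches; a NULL password is treated as empty and still compared. */
const struct session *find_ses_strict(const char *user, const char *pass)
{
    if (pass == NULL)
        pass = "";
    for (size_t i = 0; i < NSESS; i++)
        if (strcmp(cache[i].username, user) == 0 &&
            strcmp(cache[i].password, pass) == 0)
            return &cache[i];
    return NULL;                /* caller must authenticate a new session */
}

int main(void)
{
    printf("weak:   %s\n", find_ses_weak("alice", "") ? "reused" : "no match");
    printf("strict: %s\n", find_ses_strict("alice", "") ? "reused" : "no match");
    return 0;
}
```
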
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-reuse-of-CIFS-session-10568