Bug 897101 - (CVE-2014-7145) VUL-0: CVE-2014-7145: kernel: cifs: remote null ptr dereference when DFS referrals
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: David Disseldorp
Reported: 2014-09-17 11:58 UTC by Marcus Meissner
Modified: 2015-02-18 18:24 UTC

Description Marcus Meissner 2014-09-17 11:58:57 UTC
via oss-sec

CVE will be assigned soon

Hi,

Commit 18f39e7b[1] of the linux kernel repository fixes a remote null
pointer dereference on the client when it resolves DFS referrals but
the server deletes the IPC$ share. The commit has already been merged
for the 3.16, 3.14, and 3.10 branches.

Could a CVE id be assigned please?

Thanks in advance.

[1]https://github.com/torvalds/linux/commit/18f39e7be0121317550d03e267e3ebd4dbfbb3ce

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Comment 1 Marcus Meissner 2014-09-17 15:12:06 UTC
code snippet seems not in 3.0 sle11 sp3 branch.
Comment 2 Swamp Workflow Management 2014-09-17 22:00:36 UTC
bugbot adjusting priority
Comment 3 David Disseldorp 2014-09-18 14:50:56 UTC
(In reply to comment #1)
> code snippet seems not in 3.0 sle11 sp3 branch.

Indeed, this should be SLE12+ only. SMB2 support is not included in SLE11spX.
Comment 4 David Disseldorp 2014-09-18 23:41:50 UTC
I've pushed a SLE12 based branch with the fix to:
http://git.suse.de/?p=ddiss/suse_kernel;a=shortlog;h=refs/heads/bnc897101_dfs_null_deref

https://build.suse.de/package/show/home:dmdiss:bnc897101_dfs_null_deref/kernel-default

I'm currently hitting a panic on boot with the latest kernel, so haven't been able to test it yet.
Comment 5 David Disseldorp 2014-09-19 12:32:55 UTC
Fix queued for SLE12 via:

commit cfc6590821b145608a917d9e2667363043d0bb05
Author: David Disseldorp <ddiss@suse.de>
Date:   Thu Sep 18 17:27:55 2014 +0200

    cifs: avoid null deref in SMB2_tcon (bnc#897101)
    
    - patches.fixes/CIFS-Possible-null-ptr-deref-in-SMB2_tcon.patch

This fix is not needed for SLE11SPx or openSUSE 13.1, which build without SMB2 support.
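
A triage check for the condition stated in comment 5, as an added example that is not part of the bug thread or of SUSE's tooling: it classifies a kernel build from its config file and its package changelog. It assumes CONFIG_CIFS_SMB2 is the build option that enables SMB2 support in the affected kernels; the function name and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: classify a kernel build for CVE-2014-7145.
# Usage: cve_2014_7145_status CONFIG_FILE CHANGELOG_FILE
# Prints one of: not-affected, fixed, needs-fix
cve_2014_7145_status() {
    config=$1
    changelog=$2

    # Assumption: CONFIG_CIFS_SMB2 is the Kconfig symbol for SMB2 support.
    # A build without CIFS or without SMB2 does not contain SMB2_tcon,
    # which is why comment 5 excludes SLE11SPx and openSUSE 13.1.
    if ! grep -Eq '^CONFIG_CIFS=(y|m)$' "$config" ||
       ! grep -Eq '^CONFIG_CIFS_SMB2=(y|m)$' "$config"; then
        echo "not-affected"
        return 0
    fi

    # The fix is identified by the bug number, the CVE id or the patch name
    # from comment 5. Comment 6 notes the first change-log entry carries no
    # CVE number, so the bug number must be matched as well.
    if grep -Eq 'bnc#897101|CVE-2014-7145|CIFS-Possible-null-ptr-deref-in-SMB2_tcon' "$changelog"; then
        echo "fixed"
        return 0
    fi

    echo "needs-fix"
}

# Constructed sample input, not taken from a real system.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_CIFS=m' 'CONFIG_CIFS_SMB2=y' > "$demo/config-smb2"
printf '%s\n' 'CONFIG_CIFS=m' '# CONFIG_CIFS_SMB2 is not set' > "$demo/config-nosmb2"
printf '%s\n' '- cifs: avoid null deref in SMB2_tcon (bnc#897101)' > "$demo/changes-fixed"
printf '%s\n' '- unrelated change' > "$demo/changes-old"

cve_2014_7145_status "$demo/config-smb2" "$demo/changes-old"
cve_2014_7145_status "$demo/config-smb2" "$demo/changes-fixed"
cve_2014_7145_status "$demo/config-nosmb2" "$demo/changes-old"
rm -rf "$demo"
```

On an installed system the two inputs would typically be the running kernel's config under /boot and the output of the package changelog query.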
Comment 6 David Disseldorp 2014-09-19 13:00:48 UTC
One note, the change-log entry doesn't reference a CVE#, as so far none has been assigned.
Comment 7 Marcus Meissner 2014-09-22 06:26:15 UTC
CVE-2014-7145
Comment 8 Swamp Workflow Management 2015-01-16 13:11:51 UTC
SUSE-SU-2015:0068-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 851603,853040,860441,862957,863526,870498,873228,874025,877622,879255,880767,880892,881085,883139,887046,887382,887418,889295,889297,891259,891619,892254,892612,892650,892860,893454,894057,894863,895221,895387,895468,895680,895983,896391,897101,897736,897770,897912,898234,898297,899192,899489,899551,899785,899787,899908,900126,901090,901774,901809,901925,902010,902016,902346,902893,902898,903279,903307,904013,904077,904115,904354,904871,905087,905100,905296,905758,905772,907818,908184,909077,910251,910697
CVE References: CVE-2013-6405,CVE-2014-3185,CVE-2014-3610,CVE-2014-3611,CVE-2014-3647,CVE-2014-3673,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-9090,CVE-2014-9322
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.32-33.3, kernel-obs-build-3.12.32-33.1
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1