This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 998401 - (CVE-2013-4247) CVE-2013-4247 kernel: cifs: off-by-one bug in build_unc_path_to_root
CVE-2013-4247 kernel: cifs: off-by-one bug in build_unc_path_to_root
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130531,repor...
: Security
Depends On:
Blocks: 979015
  Show dependency treegraph
 
Reported: 2013-08-19 04:34 EDT by Prasad J Pandit
Modified: 2016-03-04 05:48 EST (History)
28 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-10 01:18:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Prasad J Pandit 2013-08-19 04:34:33 EDT
Linux kernel built with the Common Internet File System (CONFIG_CIFS) support along with a feature to access Distributed File Systems (CONFIG_CIFS_DFS_UPCALL), is vulnerable to a memory corruption flaw caused by writing one byte past an allocated memory area. It occurs while mounting a DFS share wherein the server provides DFS referral names of certain length. The memory corruption leads to an unresponsive kernel and subsequent crash resulting in Denial of Service.

An user/program able to mount a file system could use this flaw to crash the kernel resulting in DoS.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/1fc29bacedeabb278080e31bb9c1ecb49f143c3b

Reference:
----------
 -> http://www.openwall.com/lists/oss-security/2013/08/14/8
Comment 1 Prasad J Pandit 2013-08-19 04:37:48 EDT
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

Note You need to log in before you can comment on or make changes to this bug.