Release date:
Updated on:
Affected Systems:
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 49295
CVE ID: CVE-2011-3191
The Linux kernel is the kernel of the Linux operating system.
The Linux kernel has a denial-of-service vulnerability in the implementation of the CIFSFindNext() function. Remote attackers can exploit this vulnerability to crash the application and cause a denial of service.
This vulnerability is caused by a signedness error in the "CIFSFindNext()" function (fs/cifs/cifssmb.c). A specially crafted CIFS message sent to the client causes the client to crash.
<* Source: Darren Lavender
Link: https://bugzilla.redhat.com/show_bug.cgi?id=732869
https://patchwork.kernel.org/patch/1088082/
*>
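How an integer signedness error in a length check arises and how it is corrected, as an added C illustration (not the kernel's code and not part of the advisory). The function names and NAME_MAX_LEN are hypothetical; the weak check only reports its decision and copies nothing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 4096 /* hypothetical buffer limit, a signed int constant */

/* Weak check: the 32-bit wire length is stored in a signed int. On common
 * compilers values >= 0x80000000 become negative and pass "< limit".
 * Returns 1 if the length would be accepted. */
static int weak_len_ok(uint32_t wire_len)
{
    int name_len = (int)wire_len;
    return name_len < NAME_MAX_LEN;
}

/* Corrected check: the length stays unsigned, so large values are rejected. */
static int strict_len_ok(uint32_t wire_len)
{
    unsigned int name_len = wire_len;
    return name_len < (unsigned int)NAME_MAX_LEN;
}

/* Hardened copy: validate against the limit, the destination size and the
 * bytes actually available before memcpy. Returns bytes copied or -1. */
static long copy_name(char *dst, size_t dst_size,
                      const char *src, size_t src_avail, uint32_t wire_len)
{
    if (!strict_len_ok(wire_len) || wire_len > dst_size || wire_len > src_avail)
        return -1;
    memcpy(dst, src, wire_len);
    return (long)wire_len;
}

int main(void)
{
    /* Constructed sample lengths, including values with the top bit set. */
    const uint32_t samples[] = { 5, 4095, 4096, 0x7fffffffu, 0x80000000u, 0xffffffffu };
    char buf[16];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=0x%08x weak=%d strict=%d copy=%ld\n", (unsigned)samples[i],
               weak_len_ok(samples[i]), strict_len_ok(samples[i]),
               copy_name(buf, sizeof buf, "constructed", 11, samples[i]));
    return 0;
}
```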
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
Currently, the vendor does not provide patches or upgrades. We recommend that users of the software watch the vendor's homepage to obtain the latest version:
http://www.kernel.org/