CVE-2011-1585

Bug #869208 reported by Marc Deslauriers on 2011-10-06
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Andy Whitcroft
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-armadaxp (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Undecided
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-lts-backport-natty (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Andy Whitcroft
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned

Bug Description

While a user has a CIFS share mounted that required successful authentication, a local, unprivileged user could mount that share without knowing the correct password if mount.cifs was setuid root.

Break-Fix: - 4ff67b720c02c36e54d55b88c2931879b7db1cd2
Break-Fix: - fc87a40677bbe0937e2ff0642c7e83c9a4813f3d
Break-Fix: - 24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2

Marc Deslauriers (mdeslaur) wrote :

CVE-2011-1585

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
security vulnerability: no → yes
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Fix Committed
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Oneiric):
status: New → Invalid
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Andy Whitcroft (apw) on 2011-10-18
Changed in linux (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → In Progress
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Tim Gardner (timg-tpi) on 2011-10-25
Changed in linux (Ubuntu Hardy):
status: New → Fix Committed
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-30.96

---------------
linux (2.6.24-30.96) hardy-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #887365

  [Upstream Kernel Changes]

  * net_sched: Fix qdisc_notify() - CVE-2011-2525
    - LP: #869250
    - CVE-2011-2525
  * mm: avoid wrapping vm_pgoff in mremap(), CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in stack expansion, CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in upward expansion, CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
    - LP: #869237
    - CVE-2011-2491
  * cifs: ensure we check both username and password when reusing a
    session, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * introduce explicit signed/unsigned 64bit divide, CVE-2011-3209
    - LP: #880890
    - CVE-2011-3209
  * remove div_long_long_rem, CVE-2011-3209
    - LP: #880890
    - CVE-2011-3209
  * gre: fix netns vs proto registration ordering, CVE-2011-1767
    - LP: #869213
    - CVE-2011-1767
  * tunnels: fix netns vs proto registration ordering, CVE-2011-1768
    - LP: #869215
    - CVE-2011-1768
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 07 Nov 2011 21:04:33 -0200

Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-31.62

---------------
linux (2.6.35-31.62) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #887378

  [ Upstream Kernel Changes ]

  * ipv6: restore correct ECN handling on TCP xmit
    - LP: #872179
  * nl80211: fix overflow in ssid_len - CVE-2011-2517
    - LP: #869245
    - CVE-2011-2517
  * vm: fix vm_pgoff wrap in stack expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in upward expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * ksm: fix NULL pointer dereference in scan_get_next_rmap_item() -
    CVE-2011-2183
    - LP: #869227
    - CVE-2011-2183
  * NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
    - LP: #869237
    - CVE-2011-2491
  * cifs: clean up cifs_find_smb_ses (try #2), CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: check for NULL session password, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 07 Nov 2011 21:56:31 -0200

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-612.30

---------------
linux-fsl-imx51 (2.6.31-612.30) lucid-proposed; urgency=low

  * Release Tracking Bug
    - LP: #888698

  [ Herton Ronaldo Krzesinski ]

  * [Config] Use debian.env earlier

  [ Upstream Kernel Changes ]

  * NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
    - LP: #869237
    - CVE-2011-2491
  * cifs: clean up cifs_find_smb_ses (try #2), CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: check for NULL session password, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * gre: fix netns vs proto registration ordering, CVE-2011-1767
    - LP: #869213
    - CVE-2011-1767
  * netns xfrm: fixup xfrm6_tunnel error propagation, CVE-2011-1768
    - LP: #869215, #823296
    - CVE-2011-1768
  * tunnels: fix netns vs proto registration ordering, CVE-2011-1768
    - LP: #869215
    - CVE-2011-1768
 -- Paolo Pisati <email address hidden> Fri, 11 Nov 2011 12:34:18 +0100

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.27

---------------
linux-ti-omap4 (2.6.35-903.27) maverick-proposed; urgency=low

  * Release Tracking Bug
    - LP: #888569

  [ Upstream Kernel Changes ]

  * mm: avoid wrapping vm_pgoff in mremap(), CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * cifs: clean up cifs_find_smb_ses (try #2), CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: check for NULL session password, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
 -- Paolo Pisati <email address hidden> Fri, 11 Nov 2011 15:05:54 +0100

Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-31.62~lucid1

---------------
linux-lts-backport-maverick (2.6.35-31.62~lucid1) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #888571

  [ Upstream Kernel Changes ]

  * ipv6: restore correct ECN handling on TCP xmit
    - LP: #872179
  * nl80211: fix overflow in ssid_len - CVE-2011-2517
    - LP: #869245
    - CVE-2011-2517
  * vm: fix vm_pgoff wrap in stack expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in upward expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * ksm: fix NULL pointer dereference in scan_get_next_rmap_item() -
    CVE-2011-2183
    - LP: #869227
    - CVE-2011-2183
  * NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
    - LP: #869237
    - CVE-2011-2491
  * cifs: clean up cifs_find_smb_ses (try #2), CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: check for NULL session password, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585

linux (2.6.35-30.61) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #871912

  [ Stefan Bader ]

  * [Config] Include all filesystem modules for virtual
    - LP: #761809

  [ Upstream Kernel Changes ]

  * crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * net: Compute protocol sequence numbers and fragment IDs using MD5,
    CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * ext4: Fix max file size and logical block counting of extent format
    file, CVE-2011-2695
    - LP: #819574
    - CVE-2011-2695
  * cifs: add fallback in is_path_accessible for old servers, CVE-2011-3363
    - LP: #866034
    - CVE-2011-3363
  * Make TASKSTATS require root access, CVE-2011-2494
    - LP: #866021
    - CVE-2011-2494
  * proc: restrict access to /proc/PID/io, CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * proc: fix a race in do_io_accounting(), CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * inotify: fix double free/corruption of stuct user
    - LP: #869203
    - CVE-2011-1479
  * staging: comedi: fix infoleak to userspace, CVE-2011-2909
    - LP: #869261
    - CVE-2011-2909
  * perf tools: do not look at ./config for configuration, CVE-2011-2905
    - LP: #869259
    - CVE-2011-2905
 -- Herton Ronaldo Krzesinski <email address hidden> Thu, 10 Nov 2011 15:25:11 -0200

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Fix Released → Invalid
Changed in linux (Ubuntu Maverick):
status: Fix Released → Invalid
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Released → Invalid
John Johansen (jjohansen) wrote :

revert scripting error

Changed in linux (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in linux-armadaxp (Ubuntu Maverick):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → Medium
Ike Panhc (ikepanhc) wrote :

patches already in linux-armadaxp and released

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against natty is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux (Ubuntu Natty):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers