blob: be260f163af7af28fb05aab061ddb5d4d2a16d84 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Description: CIFS: Relative paths injection in directory entry lists
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1741727
https://bugzilla.suse.com/show_bug.cgi?id=1144903
https://bugzilla.samba.org/show_bug.cgi?id=14072
Notes:
carnil> Needed a followup c512c6918719 ("uaccess: implement a proper
carnil> unsafe_copy_to_user() and switch filldir over to it"), cf.
carnil> https://lore.kernel.org/linux-fsdevel/20191006222046.GA18027@roeck-us.net/
carnil> which landed in 5.4-rc3.
bwh> Although this was reported against CIFS, it seems to be a general
bwh> vulnerability for all filesystems dealing with untrusted servers or
bwh> storage. Thankfully the fix is also general.
bwh> The changes to uaccess in filldir are *not* required.
Bugs:
upstream: released (5.4-rc4) [8a23eb804ca4f2be909e372cf5a9e7b30ae476cd, b9959c7a347d6adbb558fba7e36e9fef3cba3b07]
4.19-upstream-stable: released (4.19.93) [40696eb2bce798c4764886fbc576426bd5c4cc3c, 0643c3d694ad9f1e5cb0bc7a487bf9f86a5eaf75]
4.9-upstream-stable: released (4.9.208) [89f58402e7088d38365f227a7943b1b3fed7489b, 1944687187713590a8722f3f1dfd1cd90e7cbde6]
3.16-upstream-stable: released (3.16.81) [8b85eda7dac918a308e6e1d9137887930e80827a, 0ad70158f3c02e373e17377237b85e43f06d6752]
sid: released (5.3.9-1)
4.19-buster-security: released (4.19.98-1)
4.9-stretch-security: released (4.9.210-1)
3.16-jessie-security: released (3.16.81-1)
|