Upstream information

CVE-2013-4247 at MITRE

Description

Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores

Metric                  National Vulnerability Database
Base Score              7.8
Vector                  AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Vector           Network
Access Complexity       Low
Authentication          None
Confidentiality Impact  None
Integrity Impact        None
Availability Impact     Complete

Note from the SUSE Security Team

This issue was introduced in the 3.7 Linux kernel, and does not affect older versions. So SUSE Linux Enterprise 10 and 11 are not affected.

SUSE Bugzilla entry: 835652 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.