| Revision Date: | 2018-03-02 | Version: | 1 | | Title: | CVE-2018-1066 on Ubuntu 18.10 (cosmic) - medium. | | Description: | The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service (client system crash).
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2018-1066
| | Platform(s): | Ubuntu 18.10
| Product(s): | | | Definition Synopsis | | Ubuntu 18.10 (cosmic) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in cosmic is not affected (note: '4.15.0-20.21').
OR NOT While related to the CVE in some way, the 'linux-aws' package in cosmic is not affected (note: '4.15.0-1007.7').
OR NOT While related to the CVE in some way, the 'linux-azure' package in cosmic is not affected (note: '4.15.0-1009.9').
OR NOT While related to the CVE in some way, the 'linux-gcp' package in cosmic is not affected (note: '4.15.0-1006.6').
OR NOT While related to the CVE in some way, the 'linux-kvm' package in cosmic is not affected (note: '4.15.0-1008.8').
OR NOT While related to the CVE in some way, the 'linux-oem' package in cosmic is not affected (note: '4.15.0-1004.5').
OR NOT While related to the CVE in some way, the 'linux-oracle' package in cosmic is not affected.
OR NOT While related to the CVE in some way, the 'linux-raspi2' package in cosmic is not affected (note: '4.15.0-1010.11').
|
|