Linux Kernel CIFS SMB Mount Traversal chroot Restriction Bypass

2006-04-19T09:17:36
ID OSVDB:25068
Type osvdb
Reporter Marcel Holtmann
Modified 2006-04-19T09:17:36

Description

Vulnerability Description

The Linux Kernel contains a flaw that may allow a malicious user to escape a chroot environment. The issue is triggered when a user attempts to change to a working directory outside a chroot environment in a CIFS file system using a double backslash, e.g. 'cd ..\\'. It is possible that the flaw may allow unauthorised access to file system resources, resulting in a loss of confidentiality and/or integrity.

Solution Description

Upgrade to version 2.6.16.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253
Vendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434
Vendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.11
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Secunia Advisory ID: 20398
Secunia Advisory ID: 21614
Secunia Advisory ID: 19868
CVE-2006-1863
Bugtraq ID: 17742