7.1

CVE-2018-1066

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.10.15
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.5% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.debian.org/security/2018/dsa-4187
Third Party Advisory
https://www.debian.org/security/2018/dsa-4188
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
Third Party Advisory
Mailing List
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb
Patch
Vendor Advisory
http://www.securityfocus.com/bid/103378
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1539599
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb
Patch
Third Party Advisory
https://patchwork.kernel.org/patch/10187633/
Patch
Third Party Advisory
https://usn.ubuntu.com/3880-1/
Third Party Advisory
https://usn.ubuntu.com/3880-2/
Third Party Advisory