[linux-cifs-client] just what is the impact of the ASN.1 vulnerability? (CVE-2008-1673)
Jason Haar
Jason.Haar at trimble.co.nz
Wed Jun 11 04:34:55 GMT 2008
According to SANS, we all have to upgrade to 2.6.25.5 due to a bug in
the Linux kernel ASN parser as it impacts the cifs module.
However, wouldn't it really only be an issue if you were prone to
connect to random strangers via CIFS? i.e. in a corporate environment,
where you are using CIFS to mount other corporate Windows servers, just
how much of a risk is it really? I mean - this only affects "mount.cifs"
- not Samba - right?
References:
http://isc.sans.org/diary.php?storyid=4555&rss
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1