CVE-2011-1585

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.36

Description The issue is related to the cifs find smb ses function in fs/cifs/connect.c, which does not properly determine the associations between users and sessions. This allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. There is also mention of multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise, which can be exploited remotely to disrupt the availability of protected information.

Recommendations For Linux kernel versions prior to 2.6.36, update to version 2.6.36 or later to resolve the issue. As a temporary workaround, consider restricting access to shared mounts to minimize the risk of exploitation. Avoid using shared mounts of CIFS shares by different users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for the kernel-kdumppae package vulnerabilities in SUSE Linux Enterprise.