Linux_Kernel_SMB_Filesystem_smb_receive_Transaction2_vulnerability_attack

A vulnerability exists in the Linux kernel which refers to an insufficient boundary validation when defragmenting an SMB Transaction2 response. A specially crafted SMB Transaction2 response can trigger an out of boundary write when the kernel copies a defragmented packet. If an attacker is able to control a Samba server or to intercept and modify the SMB traffic, he can attempt to exploit this vulnerability to cause a denial of service condition. The kernel of the target system will generate an exception as a result of a successful attack. The exception is handled and the SMB request that triggered the malicious response is never completed. The affected SMB share will become inaccessible, and remain so until a reboot of the system. The system as a whole will be unaffected.