
Bug#717958: marked as done (kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials)



Your message dated Sun, 11 Aug 2013 17:39:52 +0100
with message-id <5207BE58.3070208@pyro.eu.org>
and subject line Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials
has caused the Debian Bug report #717958,
regarding kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
717958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717958
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:kfreebsd-9
Version: 9.0-10+deb70.2
Severity: grave
Tags: security upstream
Control: found -1 kfreebsd-9/9.0~svn223109-0.1

The FreeBSD NFS server implementation applies the wrong group
credentials (supplied by the client) to an authenticated NFS session in
specific configurations (exports defined using -mapall or -maproot with
-network or -host).

http://security.FreeBSD.org/advisories/FreeBSD-SA-13:08.nfsserver.asc

This was fixed in kfreebsd-10 since r244226, but the security
implications for kfreebsd-9 and kfreebsd-8 have just been realised.

-- System Information:
Debian Release: 7.1
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kfreebsd-image-9.0-2-amd64-xenhvm depends on:
ii  devd           9.0+ds1-11~deb7u1
ii  freebsd-utils  9.0+ds1-11~deb7u1
ii  kbdcontrol     9.0+ds1-11~deb7u1
ii  kldutils       9.0+ds1-11~deb7u1

kfreebsd-image-9.0-2-amd64-xenhvm recommends no packages.

kfreebsd-image-9.0-2-amd64-xenhvm suggests no packages.

-- no debconf information

--- End Message ---
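
An added example, not part of the bug report or the FreeBSD advisory: a Python check that lists exports(5) lines matching the affected configuration named in the report (-mapall or -maproot together with -network or a host restriction). It assumes a simplified subset of exports(5) syntax and treats a bare hostname or netgroup on the line as the "-host" case; `affected_exports`, `logical_lines` and `SAMPLE` are illustrative names, and the sample file is constructed.

```python
# Audit sketch (added example): flag exports(5) lines that combine a credential
# mapping (-maproot / -mapall) with a -network or host restriction.
MAP_OPTS = {"-maproot", "-mapall"}
ARG_OPTS = MAP_OPTS | {"-network", "-mask"}  # accept "=value" or a separate value field

def logical_lines(text):
    """Yield (first_line_number, line) with comments stripped and '\\' continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def affected_exports(text):
    """Return [(line_number, 'network' | 'host', normalized_line)] for matching exports."""
    hits = []
    for lineno, line in logical_lines(text):
        tokens = line.split()
        if not tokens[0].startswith("/"):
            continue  # not an export line (for example a V4: root line)
        mapped = network = hosts = False
        i = 0
        while i < len(tokens):
            tok = tokens[i]
            name = tok.split("=", 1)[0]
            if tok.startswith("-"):
                mapped |= name in MAP_OPTS
                network |= name == "-network"
                if name in ARG_OPTS and "=" not in tok:
                    i += 1  # the option's value is the next field; skip it
            elif not tok.startswith("/"):
                hosts = True  # assumption: bare hostname/netgroup = host restriction
            i += 1
        if mapped and (network or hosts):
            hits.append((lineno, "network" if network else "host", line))
    return hits

# Constructed sample in exports(5) style; replace with the contents of /etc/exports.
SAMPLE = """\
# constructed sample, not from the bug report
/export/home -maproot=nobody -network 192.0.2.0 -mask 255.255.255.0
/export/pub -ro -mapall=nobody
/export/build -alldirs \\
    -mapall=builder buildhost.example.org
/export/scratch -network 198.51.100.0/24
"""

if __name__ == "__main__":
    for lineno, kind, line in affected_exports(SAMPLE):
        print(f"line {lineno}: mapping with {kind} restriction: {line}")
```
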
--- Begin Message ---
Source-Version: 9.2~svn253698-1

Upstream 9.2-BETA1 included a fix for SA-13:08 / CVE-2013-4851 (in SVN
r253693):
Incorrect privilege validation in the NFS server (Closes: #717958)

--- End Message ---
