Bug#310982: marked as done (smbmount does not honor uid and gid options with 2.4 kernel)
Your message dated Sat, 17 Feb 2007 12:10:08 +0000
with message-id <E1HIOOG-0005LN-0w@ries.debian.org>
and subject line Bug#310982: fixed in kernel-image-2.4.27-i386 2.4.27-10sarge5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: smbmount does not honor uid and gid options with 2.4 kernel
- From: Bill Allombert <ballombe@debian.org>
- Date: Fri, 27 May 2005 15:14:01 +0200
- Message-id: <20050527131401.GA28161@yellowpig.yi.org>
Package: smbfs
Version: 3.0.14a-1
Severity: serious
Justification: break security on upgrade
Hello Debian samba maintainers,
smbmount does not honour the uid and gid option with the sarge 2.4
kernel when the server has 'unix extensions' enabled.
The security problem is that 'unix extension' are not enabled with woody samba
server but are enabled by the upgrade to sarge (since this is the
default). At this point the bug in smbmount on the samba client allow
users on the client to access the samba share with the same permission
they would have on the server disregarding the uid/gid option passed to
smbmount.
Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-2-386
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
--- End Message ---
--- Begin Message ---
- To: 310982-close@bugs.debian.org
- Subject: Bug#310982: fixed in kernel-image-2.4.27-i386 2.4.27-10sarge5
- From: dann frazier <dannf@debian.org>
- Date: Sat, 17 Feb 2007 12:10:08 +0000
- Message-id: <E1HIOOG-0005LN-0w@ries.debian.org>
Source: kernel-image-2.4.27-i386
Source-Version: 2.4.27-10sarge5
We believe that the bug you reported is fixed in the latest version of
kernel-image-2.4.27-i386, which is due to be installed in the Debian FTP archive:
kernel-build-2.4.27-3_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-3_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3-386_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-386_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3-686_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
kernel-headers-2.4.27-3_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-3-386_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-386_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-3-686_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
kernel-image-2.4.27-i386_2.4.27-10sarge5.dsc
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge5.dsc
kernel-image-2.4.27-i386_2.4.27-10sarge5.tar.gz
to pool/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge5.tar.gz
kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge5_i386.deb
kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge5_i386.deb
kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
to pool/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 310982@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated kernel-image-2.4.27-i386 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 5 Dec 2006 01:20:25 -0700
Source: kernel-image-2.4.27-i386
Binary: kernel-image-2.4.27-3-686 kernel-image-2.4.27-3-586tsc kernel-image-2.4.27-3-k6 kernel-headers-2.4.27-3-586tsc kernel-headers-2.4.27-3-k7-smp kernel-headers-2.4.27-3-k7 kernel-pcmcia-modules-2.4.27-3-k6 kernel-headers-2.4.27-3 kernel-pcmcia-modules-2.4.27-3-386 kernel-headers-2.4.27-3-386 kernel-image-2.4.27-3-386 kernel-image-2.4.27-3-686-smp kernel-pcmcia-modules-2.4.27-3-k7-smp kernel-pcmcia-modules-2.4.27-3-k7 kernel-build-2.4.27-3 kernel-headers-2.4.27-3-686 kernel-headers-2.4.27-3-k6 kernel-image-2.4.27-3-k7-smp kernel-pcmcia-modules-2.4.27-3-686-smp kernel-image-2.4.27-3-k7 kernel-pcmcia-modules-2.4.27-3-586tsc kernel-pcmcia-modules-2.4.27-3-686 kernel-headers-2.4.27-3-686-smp
Architecture: i386 source
Version: 2.4.27-10sarge5
Distribution: stable-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
kernel-build-2.4.27-3 - Headers for building modules for Linux 2.4.27
kernel-headers-2.4.27-3 - Header files related to Linux kernel version 2.4.27
kernel-headers-2.4.27-3-386 - Linux 2.4.27 kernel headers for 386
kernel-headers-2.4.27-3-586tsc - Linux 2.4.27 kernel headers for Pentium-Classic
kernel-headers-2.4.27-3-686 - Linux 2.4.27 kernel headers for PPro/Celeron/PII/PIII/P4
kernel-headers-2.4.27-3-686-smp - Linux 2.4.27 kernel headers for PPro/Celeron/PII/PIII/P4 SMP
kernel-headers-2.4.27-3-k6 - Linux 2.4.27 kernel headers for AMD K6/K6-II/K6-III
kernel-headers-2.4.27-3-k7 - Linux 2.4.27 kernel headers for AMD K7
kernel-headers-2.4.27-3-k7-smp - Linux 2.4.27 kernel headers for AMD K7 SMP
kernel-image-2.4.27-3-386 - Linux kernel image for version 2.4.27 on 386
kernel-image-2.4.27-3-586tsc - Linux kernel image for version 2.4.27 on Pentium-Classic
kernel-image-2.4.27-3-686 - Linux kernel image for version 2.4.27 on PPro/Celeron/PII/PIII/P4
kernel-image-2.4.27-3-686-smp - Linux kernel image for version 2.4.27 on PPro/Celeron/PII/PIII/P4
kernel-image-2.4.27-3-k6 - Linux kernel image for version 2.4.27 on AMD K6/K6-II/K6-III
kernel-image-2.4.27-3-k7 - Linux kernel image for version 2.4.27 on AMD K7
kernel-image-2.4.27-3-k7-smp - Linux kernel image for version 2.4.27 on AMD K7 SMP
kernel-pcmcia-modules-2.4.27-3-386 - Mainstream PCMCIA modules 2.4.27 on 386
kernel-pcmcia-modules-2.4.27-3-586tsc - Mainstream PCMCIA modules 2.4.27 on Pentium-Classic
kernel-pcmcia-modules-2.4.27-3-686 - Mainstream PCMCIA modules 2.4.27 on PPro/Celeron/PII/PIII/P4
kernel-pcmcia-modules-2.4.27-3-686-smp - Mainstream PCMCIA modules 2.4.27 on PPro/Celeron/PII/PIII/P4 SMP
kernel-pcmcia-modules-2.4.27-3-k6 - Mainstream PCMCIA modules 2.4.27 on AMD K6/K6-II/K6-III
kernel-pcmcia-modules-2.4.27-3-k7 - Mainstream PCMCIA modules 2.4.27 on AMD K7
kernel-pcmcia-modules-2.4.27-3-k7-smp - Mainstream PCMCIA modules 2.4.27 on AMD K7 SMP
Closes: 310982
Changes:
kernel-image-2.4.27-i386 (2.4.27-10sarge5) stable-security; urgency=high
.
* Build against kernel-tree-2.4.27-10sarge5:
* 233_ia64-sparc-cross-region-mappings.diff
[SECURITY] Prevent cross-region mappings on ia64 and sparc which
could be used in a local DoS attack (system crash)
See CVE-2006-4538
* 234_atm-clip-freed-skb-deref.diff
[SECURITY] Avoid dereferencing an already freed skb, preventing a
potential remote DoS (system crash) vector
See CVE-2006-4997
* 235_ppc-alignment-exception-table-check.diff
[SECURITY][ppc] Avoid potential DoS which can be triggered by some
futex ops
See CVE-2006-5649
* 236_s390-uaccess-memleak.diff
[SECURITY][s390] Fix memory leak in copy_from_user by clearing the
remaining bytes of the kernel buffer after a fault on the userspace
address in copy_from_user()
See CVE-2006-5174
* 237_smbfs-honor-mount-opts.diff
Honor uid, gid and mode mount options for smbfs even when unix extensions
are enabled (closes: #310982)
See CVE-2006-5871
* 238_ppc-hid0-dos.diff
[SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
PPC970 at boot time
See CVE-2006-4093
Files:
14db999e3504855ab0239341e41b8d0d 302114 devel optional kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
255d69882c14e9a92cf951b2fff9263f 11052302 base optional kernel-image-2.4.27-3-386_2.4.27-10sarge5_i386.deb
31480c61a3ac3c71d4a1b9703b8d8139 12695118 base optional kernel-image-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
3e4e06b330cd1ac479769baac326df7b 11723728 base optional kernel-image-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
483ea0ad7316d1c82e1d667d8826d536 300286 devel optional kernel-headers-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
507f4d8c295e1c4549b06ded67009b98 306442 base optional kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
541559dcbaa99bbd02642fe31b063ffd 12098618 base optional kernel-image-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
5813dbe009eea4141a872752874f0335 12434342 base optional kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
5973792d7e12022780b7d4d51e1f2372 299390 devel optional kernel-headers-2.4.27-3-386_2.4.27-10sarge5_i386.deb
620f476d04bfe3a906b9110d9495f902 300562 devel optional kernel-headers-2.4.27-3-686_2.4.27-10sarge5_i386.deb
64620786d42099ead5e5bdb829f7c573 294624 base optional kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
689742b819b03635be81e56f236f015b 99762 devel optional kernel-image-2.4.27-i386_2.4.27-10sarge5.tar.gz
6a06f4d16650536bdcd1dd7f44851a3d 299512 base optional kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
6b842b2221e6afa94332d6e2e434f5e2 299548 devel optional kernel-headers-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
6ca7de755e3890e989cfaa2271a0ba3d 1825394 devel optional kernel-headers-2.4.27-3_2.4.27-10sarge5_i386.deb
f670c9495d1e6b3fc0dae34079be2703 1581 devel optional kernel-image-2.4.27-i386_2.4.27-10sarge5.dsc
77410fc804084d2169ceb1319a9e690f 269980 base optional kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge5_i386.deb
900499f7b356261f9859d051c96a54e8 288692 base optional kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
939c08139e1e17f754d9d676ca3f9c04 300698 base optional kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge5_i386.deb
948a088ae36738d5de11375009a162b6 300664 devel optional kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
b6270e45a1acfc537b6d9ba474e163d7 294862 base optional kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
c2e539824425af065b4617aa3589b782 10534 devel optional kernel-build-2.4.27-3_2.4.27-10sarge5_i386.deb
cd85e4ca2b25cecddd0077b4eb47a0ce 12355204 base optional kernel-image-2.4.27-3-686_2.4.27-10sarge5_i386.deb
d5f9b05985e032d4ce522283566b0fdd 302128 devel optional kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
f576550eacb4d17f1388b89ce9615f06 12036374 base optional kernel-image-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFeEU/huANDBmkLRkRAiAmAJ4gILVPDR9EYO6upMMfePjf3udWwwCfQmTd
qFyGG8nqV6ENB1djuSTvzN4=
=8YLn
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: