Bug#310982: marked as done (smbmount does not honor uid and gid options with 2.4 kernel)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 17 Feb 2007 12:10:07 +0000
with message-id <E1HIOOF-0005LC-Ns@ries.debian.org>
and subject line Bug#310982: fixed in kernel-image-2.4.27-arm 2.4.27-2sarge5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: smbmount does not honor uid and gid options with 2.4 kernel
• From: Bill Allombert <ballombe@debian.org>
• Date: Fri, 27 May 2005 15:14:01 +0200
• Message-id: <20050527131401.GA28161@yellowpig.yi.org>

Package: smbfs
Version: 3.0.14a-1
Severity: serious
Justification: break security on upgrade

Hello Debian samba maintainers,

smbmount does not honour the uid and gid option with the sarge 2.4
kernel when the server has 'unix extensions' enabled.

The security problem is that 'unix extension' are not enabled with woody samba
server but are enabled by the upgrade to sarge (since this is the
default). At this point the bug in smbmount on the samba client allow
users on the client to access the samba share with the same permission
they would have on the server disregarding the uid/gid option passed to
smbmount.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-2-386
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)

--- End Message ---

--- Begin Message ---

• To: 310982-close@bugs.debian.org
• Subject: Bug#310982: fixed in kernel-image-2.4.27-arm 2.4.27-2sarge5
• From: dann frazier <dannf@debian.org>
• Date: Sat, 17 Feb 2007 12:10:07 +0000
• Message-id: <E1HIOOF-0005LC-Ns@ries.debian.org>

Source: kernel-image-2.4.27-arm
Source-Version: 2.4.27-2sarge5

We believe that the bug you reported is fixed in the latest version of
kernel-image-2.4.27-arm, which is due to be installed in the Debian FTP archive:

kernel-build-2.4.27_2.4.27-2sarge5_arm.deb
  to pool/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge5_arm.deb
kernel-headers-2.4.27_2.4.27-2sarge5_arm.deb
  to pool/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge5_arm.deb
kernel-image-2.4.27-arm_2.4.27-2sarge5.dsc
  to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge5.dsc
kernel-image-2.4.27-arm_2.4.27-2sarge5.tar.gz
  to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge5.tar.gz
kernel-image-2.4.27-bast_2.4.27-2sarge5_arm.deb
  to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge5_arm.deb
kernel-image-2.4.27-lart_2.4.27-2sarge5_arm.deb
  to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge5_arm.deb
kernel-image-2.4.27-netwinder_2.4.27-2sarge5_arm.deb
  to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge5_arm.deb
kernel-image-2.4.27-riscpc_2.4.27-2sarge5_arm.deb
  to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge5_arm.deb
kernel-image-2.4.27-riscstation_2.4.27-2sarge5_arm.deb
  to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge5_arm.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 310982@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated kernel-image-2.4.27-arm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  5 Dec 2006 02:22:43 -0700
Source: kernel-image-2.4.27-arm
Binary: kernel-headers-2.4.27 kernel-build-2.4.27 kernel-image-2.4.27-bast kernel-image-2.4.27-riscstation kernel-image-2.4.27-riscpc kernel-image-2.4.27-netwinder kernel-image-2.4.27-lart
Architecture: arm source 
Version: 2.4.27-2sarge5
Distribution: stable-security
Urgency: high
Maintainer: Vincent Sanders <vince@debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description: 
 kernel-build-2.4.27 - Headers for building modules for Linux 2.4.27
 kernel-headers-2.4.27 - Header files related to Linux kernel version 2.4.27
 kernel-image-2.4.27-bast - Linux kernel image for version 2.4.27 for Bast.
 kernel-image-2.4.27-lart - Linux kernel image for version 2.4.27 for LART.
 kernel-image-2.4.27-netwinder - Linux kernel image for version 2.4.27 for Netwinder.
 kernel-image-2.4.27-riscpc - Linux kernel image for version 2.4.27 for RiscPC.
 kernel-image-2.4.27-riscstation - Linux kernel image for version 2.4.27 for Riscstations.
Closes: 310982
Changes: 
 kernel-image-2.4.27-arm (2.4.27-2sarge5) stable-security; urgency=high
 .
   * Build against kernel-tree-2.4.27-10sarge5:
     * 233_ia64-sparc-cross-region-mappings.diff
       [SECURITY] Prevent cross-region mappings on ia64 and sparc which
       could be used in a local DoS attack (system crash)
       See CVE-2006-4538
     * 234_atm-clip-freed-skb-deref.diff
       [SECURITY] Avoid dereferencing an already freed skb, preventing a
       potential remote DoS (system crash) vector
       See CVE-2006-4997
     * 235_ppc-alignment-exception-table-check.diff
       [SECURITY][ppc] Avoid potential DoS which can be triggered by some
       futex ops
       See CVE-2006-5649
     * 236_s390-uaccess-memleak.diff
       [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
       remaining bytes of the kernel buffer after a fault on the userspace
       address in copy_from_user()
       See CVE-2006-5174
     * 237_smbfs-honor-mount-opts.diff
       Honor uid, gid and mode mount options for smbfs even when unix extensions
       are enabled (closes: #310982)
       See CVE-2006-5871
     * 238_ppc-hid0-dos.diff
       [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
       PPC970 at boot time
       See CVE-2006-4093
Files: 
 022d79de206311aa2364e5449915a94d 3687138 base optional kernel-image-2.4.27-riscstation_2.4.27-2sarge5_arm.deb
 26755e712c14e0003b0d599ccc1bac98 7376966 base optional kernel-image-2.4.27-netwinder_2.4.27-2sarge5_arm.deb
 4729ca286f8e2314f6c5cdfaefbe93aa 4726650 devel optional kernel-headers-2.4.27_2.4.27-2sarge5_arm.deb
 4beae00e1c3e83463a772fe17aebc80f 1695008 base optional kernel-image-2.4.27-bast_2.4.27-2sarge5_arm.deb
 4fe66843eb3dde9636a292726b0720ca 34450 devel optional kernel-image-2.4.27-arm_2.4.27-2sarge5.tar.gz
 381052d0f0e53b867b8190d9bf0e0d1b 840 devel optional kernel-image-2.4.27-arm_2.4.27-2sarge5.dsc
 ee2f850805f19c7fdfdb8c866566cc56 1059362 base optional kernel-image-2.4.27-lart_2.4.27-2sarge5_arm.deb
 f673a41f1403e7a85e9cdbfc6cffb23b 3165708 base optional kernel-image-2.4.27-riscpc_2.4.27-2sarge5_arm.deb
 fe85544eabe959ce72f05dda8d65185a 483596 devel optional kernel-build-2.4.27_2.4.27-2sarge5_arm.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFeEERhuANDBmkLRkRAh51AJ91025H8UY0xeN5fGml5l6JIRPx8ACfRWe9
UJ7dqi/6slLaqOFlHPgulR8=
=4meb
-----END PGP SIGNATURE-----

--- End Message ---