Bug#310982: marked as done (smbmount does not honor uid and gid options with 2.4 kernel)
Your message dated Sat, 17 Feb 2007 12:10:08 +0000
with message-id <E1HIOOG-0005Lv-MF@ries.debian.org>
and subject line Bug#310982: fixed in kernel-image-2.4.27-m68k 2.4.27-3sarge5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: smbmount does not honor uid and gid options with 2.4 kernel
- From: Bill Allombert <ballombe@debian.org>
- Date: Fri, 27 May 2005 15:14:01 +0200
- Message-id: <20050527131401.GA28161@yellowpig.yi.org>
Package: smbfs
Version: 3.0.14a-1
Severity: serious
Justification: break security on upgrade
Hello Debian samba maintainers,
smbmount does not honour the uid and gid option with the sarge 2.4
kernel when the server has 'unix extensions' enabled.
The security problem is that 'unix extension' are not enabled with woody samba
server but are enabled by the upgrade to sarge (since this is the
default). At this point the bug in smbmount on the samba client allow
users on the client to access the samba share with the same permission
they would have on the server disregarding the uid/gid option passed to
smbmount.
Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-2-386
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
--- End Message ---
--- Begin Message ---
- To: 310982-close@bugs.debian.org
- Subject: Bug#310982: fixed in kernel-image-2.4.27-m68k 2.4.27-3sarge5
- From: dann frazier <dannf@debian.org>
- Date: Sat, 17 Feb 2007 12:10:08 +0000
- Message-id: <E1HIOOG-0005Lv-MF@ries.debian.org>
Source: kernel-image-2.4.27-m68k
Source-Version: 2.4.27-3sarge5
We believe that the bug you reported is fixed in the latest version of
kernel-image-2.4.27-m68k, which is due to be installed in the Debian FTP archive:
kernel-image-2.4.27-amiga_2.4.27-3sarge5_m68k.deb
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge5_m68k.deb
kernel-image-2.4.27-atari_2.4.27-3sarge5_m68k.deb
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge5_m68k.deb
kernel-image-2.4.27-bvme6000_2.4.27-3sarge5_m68k.deb
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge5_m68k.deb
kernel-image-2.4.27-m68k_2.4.27-3sarge5.dsc
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge5.dsc
kernel-image-2.4.27-m68k_2.4.27-3sarge5.tar.gz
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge5.tar.gz
kernel-image-2.4.27-mac_2.4.27-3sarge5_m68k.deb
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge5_m68k.deb
kernel-image-2.4.27-mvme147_2.4.27-3sarge5_m68k.deb
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge5_m68k.deb
kernel-image-2.4.27-mvme16x_2.4.27-3sarge5_m68k.deb
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge5_m68k.deb
kernel-image-2.4.27-q40_2.4.27-3sarge5_m68k.deb
to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge5_m68k.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 310982@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated kernel-image-2.4.27-m68k package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 5 Dec 2006 02:23:02 -0700
Source: kernel-image-2.4.27-m68k
Binary: kernel-image-2.4.27-sun3 kernel-image-2.4.27-atari kernel-image-2.4.27-q40 kernel-image-2.4.27-sun3x kernel-image-2.4.27-amiga kernel-image-2.4.27-mvme16x kernel-image-2.4.27-mac kernel-image-2.4.27-mvme147 kernel-image-2.4.27-bvme6000
Architecture: m68k source
Version: 2.4.27-3sarge5
Distribution: stable-security
Urgency: high
Maintainer: Christian T. Steigies <cts@debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
kernel-image-2.4.27-amiga - Linux kernel image for Amiga computers
kernel-image-2.4.27-atari - Linux kernel image for Atari computers
kernel-image-2.4.27-bvme6000 - Linux kernel image for BVM BVME4000 and BVME6000 SBCs.
kernel-image-2.4.27-mac - Linux kernel image for Macintosh computers
kernel-image-2.4.27-mvme147 - Linux kernel image for Motorola MVME147 SBCs.
kernel-image-2.4.27-mvme16x - Linux kernel image for Motorola MVME162/6/7, MVME172/7 SBCs.
kernel-image-2.4.27-q40 - Linux kernel image for Q40 and Q60 computers
kernel-image-2.4.27-sun3 - Linux kernel image for sun3 computers
kernel-image-2.4.27-sun3x - Linux kernel image for sun3x computers
Closes: 310982
Changes:
kernel-image-2.4.27-m68k (2.4.27-3sarge5) stable-security; urgency=high
.
* Build against kernel-tree-2.4.27-10sarge5:
* 233_ia64-sparc-cross-region-mappings.diff
[SECURITY] Prevent cross-region mappings on ia64 and sparc which
could be used in a local DoS attack (system crash)
See CVE-2006-4538
* 234_atm-clip-freed-skb-deref.diff
[SECURITY] Avoid dereferencing an already freed skb, preventing a
potential remote DoS (system crash) vector
See CVE-2006-4997
* 235_ppc-alignment-exception-table-check.diff
[SECURITY][ppc] Avoid potential DoS which can be triggered by some
futex ops
See CVE-2006-5649
* 236_s390-uaccess-memleak.diff
[SECURITY][s390] Fix memory leak in copy_from_user by clearing the
remaining bytes of the kernel buffer after a fault on the userspace
address in copy_from_user()
See CVE-2006-5174
* 237_smbfs-honor-mount-opts.diff
Honor uid, gid and mode mount options for smbfs even when unix extensions
are enabled (closes: #310982)
See CVE-2006-5871
* 238_ppc-hid0-dos.diff
[SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
PPC970 at boot time
See CVE-2006-4093
Files:
033f694ed1a6acc24efb07ecdbbe125c 2326206 base optional kernel-image-2.4.27-mvme147_2.4.27-3sarge5_m68k.deb
181df694d051555f0253ff27e9f0863c 2478704 base optional kernel-image-2.4.27-mac_2.4.27-3sarge5_m68k.deb
5d278c185e1ca1d34e65dc657cbcbe96 2396790 base optional kernel-image-2.4.27-bvme6000_2.4.27-3sarge5_m68k.deb
5d32bbaecfcef58ac406939346922caa 12864 devel optional kernel-image-2.4.27-m68k_2.4.27-3sarge5.tar.gz
64f44bc3e9c3313cb7aecf789ddb51de 2642370 base optional kernel-image-2.4.27-amiga_2.4.27-3sarge5_m68k.deb
6dcdfedd3356d0f20e7899da7a7ff2bd 2545710 base optional kernel-image-2.4.27-atari_2.4.27-3sarge5_m68k.deb
7416f4d8d7d4d468977f966d6cb680da 876 devel optional kernel-image-2.4.27-m68k_2.4.27-3sarge5.dsc
c0c6fbb7a1160688f8e8c7ae97d43e9a 2262406 base optional kernel-image-2.4.27-q40_2.4.27-3sarge5_m68k.deb
f716f0313d88c62779569712078ae0c8 2397324 base optional kernel-image-2.4.27-mvme16x_2.4.27-3sarge5_m68k.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFeEeVhuANDBmkLRkRAhWyAKCRUQlwkeJ8Lsf8n+dOF0CWJIoHrwCfah03
AhyUhY7NOKb/BClS+h33tzc=
=ofJY
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: