Your message dated Mon, 17 Dec 2007 18:39:11 +0100 with message-id <20071217173911.GD17669@stro.at> and subject line spoofing cifs trafic has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: CVE-2007-3843 possible spoofing of CIFS traffic
- From: Nico Golde <nion@debian.org>
- Date: Wed, 10 Oct 2007 12:38:15 +0200
- Message-id: <20071010103814.GA18562@ngolde.de>
Package: linux-2.6 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for linux-2.6. CVE-2007-3843[0]: | The Linux kernel before 2.6.23-rc1 checks the wrong global variable | for the CIFS sec mount option, which might allow remote attackers to | spoof CIFS network traffic that the client configured for security | signatures, as demonstrated by lack of signing despite sec=ntlmv2i in | a SetupAndX request. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3843 Kind regards Nico -- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.Attachment: pgp7neeD11BEM.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 446073-done@bugs.debian.org
- Subject: spoofing cifs trafic
- From: maximilian attems <max@stro.at>
- Date: Mon, 17 Dec 2007 18:39:11 +0100
- Message-id: <20071217173911.GD17669@stro.at>
Version: 2.6.23-1 fixed in sid linux image version. -- maks
--- End Message ---