Bug#310982: marked as done (smbmount does not honor uid and gid options with 2.4 kernel)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 17 Feb 2007 12:10:29 +0000
with message-id <E1HIOOb-0005Sd-R7@ries.debian.org>
and subject line Bug#310982: fixed in systemimager 3.2.3-6sarge4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: smbmount does not honor uid and gid options with 2.4 kernel
• From: Bill Allombert <ballombe@debian.org>
• Date: Fri, 27 May 2005 15:14:01 +0200
• Message-id: <20050527131401.GA28161@yellowpig.yi.org>

Package: smbfs
Version: 3.0.14a-1
Severity: serious
Justification: break security on upgrade

Hello Debian samba maintainers,

smbmount does not honour the uid and gid option with the sarge 2.4
kernel when the server has 'unix extensions' enabled.

The security problem is that 'unix extension' are not enabled with woody samba
server but are enabled by the upgrade to sarge (since this is the
default). At this point the bug in smbmount on the samba client allow
users on the client to access the samba share with the same permission
they would have on the server disregarding the uid/gid option passed to
smbmount.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-2-386
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)

--- End Message ---

--- Begin Message ---

• To: 310982-close@bugs.debian.org
• Subject: Bug#310982: fixed in systemimager 3.2.3-6sarge4
• From: dann frazier <dannf@debian.org>
• Date: Sat, 17 Feb 2007 12:10:29 +0000
• Message-id: <E1HIOOb-0005Sd-R7@ries.debian.org>

Source: systemimager
Source-Version: 3.2.3-6sarge4

We believe that the bug you reported is fixed in the latest version of
systemimager, which is due to be installed in the Debian FTP archive:

systemimager-boot-i386-standard_3.2.3-6sarge4_all.deb
  to pool/main/s/systemimager/systemimager-boot-i386-standard_3.2.3-6sarge4_all.deb
systemimager-boot-ia64-standard_3.2.3-6sarge4_all.deb
  to pool/main/s/systemimager/systemimager-boot-ia64-standard_3.2.3-6sarge4_all.deb
systemimager-client_3.2.3-6sarge4_all.deb
  to pool/main/s/systemimager/systemimager-client_3.2.3-6sarge4_all.deb
systemimager-common_3.2.3-6sarge4_all.deb
  to pool/main/s/systemimager/systemimager-common_3.2.3-6sarge4_all.deb
systemimager-doc_3.2.3-6sarge4_all.deb
  to pool/main/s/systemimager/systemimager-doc_3.2.3-6sarge4_all.deb
systemimager-server-flamethrowerd_3.2.3-6sarge4_all.deb
  to pool/main/s/systemimager/systemimager-server-flamethrowerd_3.2.3-6sarge4_all.deb
systemimager-server_3.2.3-6sarge4_all.deb
  to pool/main/s/systemimager/systemimager-server_3.2.3-6sarge4_all.deb
systemimager_3.2.3-6sarge4.dsc
  to pool/main/s/systemimager/systemimager_3.2.3-6sarge4.dsc
systemimager_3.2.3-6sarge4.tar.gz
  to pool/main/s/systemimager/systemimager_3.2.3-6sarge4.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 310982@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated systemimager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  7 Dec 2006 09:57:10 -0700
Source: systemimager
Binary: systemimager-boot-i386-standard systemimager-boot-ia64-standard systemimager-client systemimager-common systemimager-doc systemimager-server systemimager-server-flamethrowerd
Architecture: source all
Version: 3.2.3-6sarge4
Distribution: stable-security
Urgency: high
Maintainer: dann frazier <dannf@debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description: 
 systemimager-boot-i386-standard - SystemImager boot binaries for i386 client nodes
 systemimager-client - Utilities for creating an image and upgrading client machines
 systemimager-common - Utilities and libraries common to both the server and client
 systemimager-doc - Manual and other documentation
 systemimager-server - Automate GNU/Linux installs and upgrades over a network
 systemimager-server-flamethrowerd - SystemImager boot binaries for i386 client nodes
 systemimager-boot-ia64-standard - SystemImager boot binaries for ia64 client nodes

 systemimager-server-flamethrowerd - SystemImager boot binaries for ia64 client nodes
Closes: 310982
Changes: 
 systemimager (3.2.3-6sarge4) stable-security; urgency=high
 .
   * Build against kernel-tree-2.4.27-10sarge5:
     * 233_ia64-sparc-cross-region-mappings.diff
       [SECURITY] Prevent cross-region mappings on ia64 and sparc which
       could be used in a local DoS attack (system crash)
       See CVE-2006-4538
     * 234_atm-clip-freed-skb-deref.diff
       [SECURITY] Avoid dereferencing an already freed skb, preventing a
       potential remote DoS (system crash) vector
       See CVE-2006-4997
     * 235_ppc-alignment-exception-table-check.diff
       [SECURITY][ppc] Avoid potential DoS which can be triggered by some
       futex ops
       See CVE-2006-5649
     * 236_s390-uaccess-memleak.diff
       [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
       remaining bytes of the kernel buffer after a fault on the userspace
       address in copy_from_user()
       See CVE-2006-5174
     * 237_smbfs-honor-mount-opts.diff
       Honor uid, gid and mode mount options for smbfs even when unix extensions
       are enabled (closes: #310982)
       See CVE-2006-5871
     * 238_ppc-hid0-dos.diff
       [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
       PPC970 at boot time
       See CVE-2006-4093
Files: 
 84f6a3040b4ca624d01532d0f0c023f9 979 admin optional systemimager_3.2.3-6sarge4.dsc
 716fe24644ffdbd59b0ca5de5470629f 15979474 admin optional systemimager_3.2.3-6sarge4.tar.gz
 8883b34d56263ef6f988c732482fde23 118244 admin optional systemimager-server_3.2.3-6sarge4_all.deb
 2748bff28ec7b5b3f4bc90eb82dffb61 31516 admin optional systemimager-client_3.2.3-6sarge4_all.deb
 e267a4cc8c6fa408b6973ecf6eec3f7c 31728 admin optional systemimager-common_3.2.3-6sarge4_all.deb
 d67eef0cd39f650d8b5952914e9d9798 632496 doc optional systemimager-doc_3.2.3-6sarge4_all.deb
 433d9eedf00bd67c08a47d69440c95b6 17068 admin optional systemimager-server-flamethrowerd_3.2.3-6sarge4_all.deb
 cc670bb7fe2cf731762f01eec8b460c3 4760018 admin optional systemimager-boot-i386-standard_3.2.3-6sarge4_all.deb
 d4d9d6da88eb634fe03ed8cd28baedb3 9546278 admin optional systemimager-boot-ia64-standard_3.2.3-6sarge4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFeFohhuANDBmkLRkRAuu0AJ9U9zhDbxr4DpG6jD88hAiuk8s0FQCfchFU
oK0smZhanvf1r5n/zIQ0YjI=
=AJ4u
-----END PGP SIGNATURE-----

--- End Message ---