
Bug#529318: linux-2.6: CVE-2007-6514 smbfs information disclosure vulnerability



On Thu, 13 Aug 2009 23:51:40 +0200 Moritz Muehlenhoff wrote:

> On Mon, May 18, 2009 at 12:06:58PM -0400, Michael S. Gilbert wrote:
> > Package: linux-2.6
> > Severity: important
> > Tags: security
> > 
> > Hi,
> > 
> > The following CVE (Common Vulnerabilities & Exposures) id was
> > published for linux-2.6.
> > 
> > CVE-2007-6514[0]:
> > | Apache HTTP Server, when running on Linux with a document root on a
> > | Windows share mounted using smbfs, allows remote attackers to obtain
> > | unprocessed content such as source files for .php programs via a
> > | trailing "\" (backslash), which is not handled by the intended AddType
> > | directive.
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE id in your changelog entry.
> 
> Have you been able to test this against recent kernels such as 2.6.30?

here is my assessment of this issue:

 the attack vector for this one is so obscure: the worst that can 
 happen is disclosure of scripts hosted on an apache server serving
 those scripts, and only if those scripts are mounted from a windows
 share via smbfs. i'd almost be inclined to say no-dsa for this one (or
 issue a dsa that says don't host your web scripts on a windows share
 when using apache if you are concerned about the confidentiality of
 those scripts). it's hardly worth worrying about.

i have not done any tests to determine affected versions, but it
should be fairly straightforward to do so.  see [0].

also, see redhat bug on this [1].  they have a patch for rhel 2.1, but
i wasn't able to search it down.

mike

[0] http://www.securityfocus.com/archive/1/archive/1/485316/100/0/threaded
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6514
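
An added example, not part of the original message or of any Debian or Red Hat tooling: a log check an administrator could run to see whether requests of the shape described in the CVE text (a script path followed by a trailing backslash) reached an Apache server and were answered with content. It assumes the Apache common/combined access-log format; the extension list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed list of script extensions whose source should never be served raw.
SCRIPT_EXTS = (".php", ".phtml", ".pl", ".cgi")

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def trailing_backslash_hits(lines):
    """Return (host, decoded_path, status) for script requests ending in a backslash."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, then decode so "%5C" and a literal "\" look alike.
        path = unquote(m.group("target").split("?", 1)[0])
        if not path.endswith("\\"):
            continue
        # rstrip also copes with a doubled backslash if the log writer escapes it.
        stem = path.rstrip("\\").lower()
        if stem.endswith(SCRIPT_EXTS):
            hits.append((m.group("host"), path, int(m.group("status"))))
    return hits

def served_sources(lines):
    """Hits answered with 200, i.e. where unprocessed script content was likely sent."""
    return [h for h in trailing_backslash_hits(lines) if h[2] == 200]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Aug/2009:23:51:40 +0200] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Aug/2009:23:52:01 +0200] "GET /index.php%5C HTTP/1.1" 200 812',
    '192.0.2.44 - - [13/Aug/2009:23:52:05 +0200] "GET /lib/db.php\\ HTTP/1.1" 404 209',
    '192.0.2.77 - - [13/Aug/2009:23:53:10 +0200] "GET /docs%5C?x=1 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for host, path, status in served_sources(SAMPLE_LOG):
        print(f"{host} received {path!r} with status {status}")
```

A 200 response in the output is the case worth following up; 404 hits show probing that did not return content.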


