Bug#529318: linux-2.6: CVE-2007-6514 smbfs information disclosure vulnerability

To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 529318@bugs.debian.org
Subject: Bug#529318: linux-2.6: CVE-2007-6514 smbfs information disclosure vulnerability
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 13 Aug 2009 23:51:40 +0200
Message-id: <[🔎] 20090813215140.GA11546@galadriel.inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 529318@bugs.debian.org
In-reply-to: <20090518120658.91edc7f9.michael.s.gilbert@gmail.com>
References: <20090518120658.91edc7f9.michael.s.gilbert@gmail.com>

On Mon, May 18, 2009 at 12:06:58PM -0400, Michael S. Gilbert wrote:
> Package: linux-2.6
> Severity: important
> Tags: security
> 
> Hi,
> 
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for linux-2.6.
> 
> CVE-2007-6514[0]:
> | Apache HTTP Server, when running on Linux with a document root on a
> | Windows share mounted using smbfs, allows remote attackers to obtain
> | unprocessed content such as source files for .php programs via a
> | trailing "\" (backslash), which is not handled by the intended AddType
> | directive.
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

Have you been able to test this against recent kernels such as 2.6.30?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#529318: linux-2.6: CVE-2007-6514 smbfs information disclosure vulnerability
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Prev by Date: Bug#374545: marked as done (linux-image-2.6.16-2-686: Sound recording fails with DSP-500 / snd-usb-audio)
Next by Date: Bug#418278: marked as done (linux-image-2.6.18-4-vserver-sparc64: Kernel unaligned access, filldir64)
Previous by thread: Bug#374545: marked as done (linux-image-2.6.16-2-686: Sound recording fails with DSP-500 / snd-usb-audio)
Next by thread: Bug#529318: linux-2.6: CVE-2007-6514 smbfs information disclosure vulnerability
Index(es):
- Date
- Thread