Re: Samba Root CVE-2012-1182 - Possibly countered with hardening@compiletime ?

On Tue, Apr 17, 2012 at 6:15 AM, Crusty Saint wrote:
> Hi,
> Regarding https://www.samba.org/samba/security/CVE-2012-1182
> I'm currently step-by-step looking into compiling my own debs and
> recompiling existing ones (ignoring that optimisations are often
> overrated). What I'm most interested in though is the
> hardening@compile-time of packages. Even if this means generic
> protection. Thinking some is better than none. For this I've, so far,
> used hardening-wrapper and hardening-includes packages. Though I'm not
> sure if I'm even using hardening-includes correctly at this time I
> dare to present a question.
> Part of the description of the CVE reads:
> "The flaw caused checks on the variable containing the length of an
> allocated array to be done independently from the checks on the
> variable used to allocate the memory for that array.  As both these
> variables are controlled by the connecting client it makes it possible
> for a specially crafted RPC call to cause the server to execute
> arbitrary code."
> Would recompiling with a DEB_BUILD_HARDENING=1 and corresponding
> configuration as below in /etc/hardening-wrapper.conf have mitigated
> against this particular exploit vector? Though part of the attack
> depends on logic I assume the 'specially crafted RPC call' could've
> been mitigated against.

I don't really have an answer since I have not personally studied this
issue, but anyone that may have interest in any particular security
issue can make use of the informative Debian security tracker as a
spring board for their own research.

For example, if I wanted to better understand this issue, I would
start at [0], which would eventually lead me to [1], which includes
patches that Samba applied.  I could then study those to see if
hardening made a difference.

> *glops* My /etc/hardening-wrapper.conf looks like

It's quite a bit easier now.  You can set debian/compat to 9 in the
source package, and hardening will be done automagically (you may also
want to set "export DEB_BUILD_MAINT_OPTIONS=hardening=+all" in
debian/rules to get all hardening enabled).

Best wishes,

[0] http://security-tracker.debian.org/tracker/CVE-2012-1182
[1] https://bugzilla.samba.org/show_bug.cgi?id=8815