[Pkg-samba-maint] Bug#568942: Bug#568942: samba: mtab corruption via malicious crafted string
Christian PERRIER
bubulle at debian.org
Wed Feb 10 06:44:52 UTC 2010
Quoting Moritz Muehlenhoff (jmm at inutil.org):
> > a security bug has been discovered in all versions of Samba up to and
> > including 3.4.5.
> > It is possible to cause mtab corruption via a specially crafted string.
> > More information at
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
> > http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054
>
> Since 567554 is tagged pending, I suppose the setuid root bit on
> mount.cifs is going to be dropped. Once done, this issue is moot.
In unstable, then squeeze, yes. This is the change we'll do.
OTOH, we still have lenny that's affected. Dropping the setuid bit in
lenny would break the behaviour of the package in a too invasive way,
so we need to use patches that have been proposed in upstream bug
report by Jeff Layton.
However, they don't apply cleanly on our 3.2.5. They were meant for
upstream 3-2-test branch, so for 3.2.15
I started working on them yesterday and it seems feasible to port
them. Surprisingly, though, some of the 7 patches proposed by Jeff in
the attached tarball are reported as "already applied" on our 3.2.5
sources.
I end up with only 4 patches needed. See
patches-setuid-lenny.tar.gz. I did not try compiling lenny's samba
with them yet.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patches-setuid.tar.gz
Type: application/octet-stream
Size: 19245 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20100210/14870169/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patches-setuid-lenny.tar.gz
Type: application/octet-stream
Size: 5894 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20100210/14870169/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20100210/14870169/attachment-0001.pgp>
More information about the Pkg-samba-maint
mailing list