[Pkg-samba-maint] Bug#425391: Patch/bug fix for CVE-2007-2447 breaks the use of ;

Arno van Amersfoort a.c.j.van.amersfoort at eld.physics.leidenuniv.nl
Mon May 21 12:29:27 UTC 2007


Package: samba
Version: 3.0.14a-3sarge

After some debugging I discovered that a strange problem I experienced 
was caused by the patched code added in Samba 3.0.14a-3sarge for 
CVE-2007-2447 (Remote Command Injection Vulnerability). It is now no 
longer possible to use the ";" character in options like "preexec = " & 
"postexec =" causing the use of i.e. (in my case) "root preexec = mkdir 
-p /home/software/Recycle; chown root:admins /home/software/.Recycle" to 
be executed as "root preexec = mkdir -p /home/software/Recycle chown 
root:admins /home/software/.Recycle" (The semicolon disappears!).

As far as I can see now, it also breaks the use of (in my case) "passwd 
program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh"

This new unexpected behaviour can possibly break a lot of setups! I 
think the easiest solution is to add the ";" (and possibly also & and |) 
to #define INCLUDE_LIST 
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"


-- 
Ing. A.C.J. van Amersfoort (Arno)
Department Of Electronics (ELD, k1007)
Huygens Laboratory
Leiden University
P.O. Box 9504
Niels Bohrweg 2
2333 CA Leiden
The Netherlands
----------------------------------------------------------------
Phone : +31-(0)71-527.1894   Fax: +31-(0)71-527.5819
E-mail: a.c.j.van.amersfoort at eld.physics.leidenuniv.nl
----------------------------------------------------------------
Arno's (Linux firewall) homepage: http://rocky.eld.leidenuniv.nl
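
An added example, not part of the original message and not the Debian or Samba patch code: it models the reported behaviour under the assumption that the filter backslash-escapes every character outside the allow-list, and contrasts escaping the whole configured command with escaping only the client-supplied %u value. SAFE_CHARS (written with the full lowercase alphabet), escape_for_shell, expand_user and the sample user name are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Assumed allow-list, modelled on the INCLUDE_LIST quoted in the report
 * (written here with the full lowercase alphabet). */
#define SAFE_CHARS "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_/ \t.,"

/* Backslash-escape every byte of src that is not in SAFE_CHARS.
 * Returns 0 on success, -1 if dst is too small. */
int escape_for_shell(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (; *src; src++) {
        int safe = strchr(SAFE_CHARS, *src) != NULL;
        if (o + (safe ? 1 : 2) >= dstlen)
            return -1;
        if (!safe)
            dst[o++] = '\\';
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return 0;
}

/* Expand the first "%u" of an admin-written template, escaping only the value. */
int expand_user(const char *tmpl, const char *user, char *dst, size_t dstlen)
{
    const char *p = strstr(tmpl, "%u");
    char esc[256];
    int n;
    if (escape_for_shell(user, esc, sizeof esc) != 0)
        return -1;
    if (p == NULL)
        n = snprintf(dst, dstlen, "%s", tmpl);
    else
        n = snprintf(dst, dstlen, "%.*s%s%s", (int)(p - tmpl), tmpl, esc, p + 2);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

int main(void)
{
    /* Command strings from the report; the user name is a constructed sample. */
    const char *pre = "mkdir -p /home/software/Recycle; chown root:admins /home/software/.Recycle";
    const char *tmpl = "/usr/bin/passwd %u; /usr/local/lib/yp_make.sh";
    char whole[512], scoped[512];
    escape_for_shell(pre, whole, sizeof whole);          /* admin's ';' is neutralised */
    expand_user(tmpl, "al;ice", scoped, sizeof scoped);  /* only the value is escaped */
    printf("whole:  %s\nscoped: %s\n", whole, scoped);
    return 0;
}
```

Escaping the whole string turns the administrator's own separator into a literal character, which matches the symptom reported; escaping only the substituted value leaves the configured ";" working while the one inside the user name stays inert.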









