[Pkg-samba-maint] Bug#568942: Bug#568942: samba: mtab corruption via malicious crafted string
Christian PERRIER
bubulle at debian.org
Sun Feb 14 06:12:37 UTC 2010
Quoting Steve Langasek (vorlon at debian.org):
Thanks for helping out on that issue. It was very clearly going beyond
my skills and knowledge. This is why we have a team..:-)
> The tarball attached to your earlier mail includes a number of patches that
> are not related to bug #6853, and which have not been posted to bug #6853.
> Where did you get this tarball?
https://bugzilla.samba.org/show_bug.cgi?id=6853#c13
Indeed that bug report is quite messy and really mixes many things
together, hence /me being puzzled.
> In particular, the patches
> 0001-Revert-cifs-mount-did-not-properly-display-version-s.patch,
> 0002-s3-mount.cifs-make-mount.cifs-V-print-the-version-no.patch, and
> 0003-mount.cifs-directly-include-sys-stat.h-in-mtab.c.patch are unrelated to
> either of the identified security issues and should not be applied to
> stable; and 0004-mount.cifs-properly-check-for-mount-being-in-fstab-w.patch
> and 0007-mount.cifs-don-t-allow-it-to-be-run-as-setuid-root-p.patch
> deliberately change the behavior of mount.cifs with the rationale that
> allowing users to mount shares on directories they own, or shipping
> mount.cifs suid-root, is not "safe", which is upstream backpedalling on
> previous design decisions and not related to either of the CVEs.
>
> The only patches that are relevant for stable are
> 0005-mount.cifs-take-extra-care-that-mountpoint-isn-t-cha.patch and
> 0006-mount.cifs-check-for-invalid-characters-in-device-na.patch,
> corresponding to CVE-2009-3297 and CVE-2010-0547 respectively. I've applied
> these to the lenny package and will be uploading to the lenny security queue
> shortly.
Ack. THanks for your time and work on this hairy issue.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20100214/56cedd52/attachment.pgp>
More information about the Pkg-samba-maint
mailing list