[Pkg-samba-maint] Bug#884614: Samba 2:3.6.6-6+deb7u15 causes file transfer interruption

Adam Pribyl pribyl at lowlevel.cz
Sun Dec 17 16:38:35 UTC 2017 

Package: samba
Version: 2:3.6.6-6+deb7u15

After upgrade to this version of samba, users report the transfer of files 
are being weirdly interrupted with message that file is being write 
protected.

In the samba log I found this when it happens:

[2017/12/17 16:37:49.505381,  2] 
smbd/sesssetup.c:1279(setup_new_vc_session)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2017/12/17 16:37:49.506102,  1] smbd/service.c:1114(make_connection_snum)
   10.88.0.17 (10.88.0.17) connect to service ftp initially as user ftp 
(uid=103, gid=65534) (pid 1752)
[2017/12/17 16:38:01.082443,  2] smbd/open.c:1033(open_file)
   ftp opened file UserS/File.FXP read=No write=No (numopen=1)
[2017/12/17 16:38:01.244517,  2] smbd/close.c:696(close_normal_file)
   ftp closed file UserS/File.FXP (numopen=0) NT_STATUS_OK
[2017/12/17 16:38:06.013977,  2] smbd/open.c:1033(open_file)
   ftp opened file UserS/File.FXP read=Yes write=Yes (numopen=1)
[2017/12/17 16:41:05.830560,  0] smbd/process.c:244(read_packet_remainder)
[2017/12/17 16:41:05.830628,  2] 
lib/util_sock.c:1070(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout failed for client 0.0.0.0 read error = 
NT_STATUS_CONNECTION_RESET.
[2017/12/17 16:41:05.830795,  1] smbd/process.c:457(receive_smb_talloc)
   receive_smb_raw_talloc failed for client 10.88.0.17 read error = 
NT_STATUS_CONNECTION_RESET.
[2017/12/17 16:41:05.830924,  2] smbd/close.c:696(close_normal_file)
   ftp closed file UserS/File.FXP (numopen=0) NT_STATUS_OK
[2017/12/17 16:41:05.830981,  1] smbd/service.c:1378(close_cnum)
   10.88.0.17 (10.88.0.17) closed connection to service ftp


As the changelog states:
  * This is a security release in order to address the following defect:
     - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory 
when talloc buffer is grown.


It looks like the cause of the failture is a this patch. Downgrading the 
samba to 2:3.6.6-6+deb7u14 seems to fix the problems.

More information about the Pkg-samba-maint mailing list