Your message dated Tue, 23 Jun 2009 08:39:13 +0200
with message-id <[email protected]>
and subject line issue was rejected
has caused the Debian Bug report #527894,
regarding CVE-2008-6800: Race condition in the winbind daemon (aka winbindd) in
Samba before 3.0.32
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
527894: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527894
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 3.0.24-6etch10
Severity: serious
Tags: security etch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for samba.
CVE-2008-6800[0]:
| Race condition in the winbind daemon (aka winbindd) in Samba before
| 3.0.32 allows attackers to cause a denial of service (crash) via
| unspecified vectors related to an "unresponsive" child process.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6800
http://security-tracker.debian.net/tracker/CVE-2008-6800
Cheers,
Giuseppe.
--- End Message ---
--- Begin Message ---
Hi,
This issue was later rejected by CVE with the following reasoning:
"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this
candidate is not a security issue. It was originally created based on one
vendor's misinterpretation of an upstream changelog comment that referred to
a race condition in the winbind daemon (aka winbindd) in Samba before 3.0.32.
The upstream vendor states: "The Samba Team sees no way to exploit this race
condition by a user of the system or an external attacker. In order to be
able to trigger the race condition a privileged user (root) need to
intentionally kill a winbind child process and carefully time the killing to
trigger the race condition. Although, if the user is already privileged, it
can more easily just kill the parent process directly." CVE concurs with the
dispute. Notes: CVE users should not use this identifier. "
Closing the bug.
Thijs
--- End Message ---