[Bug 1088136] [NEW] AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related)
You have been subscribed to a public bug: smtp_cmd_buffer_size is currently 2048 bytes. 2048 bytes is not sufficient for clients that send an AUTH with an initial-response for GSSAPI when Windows Kerberos tickets are used that contain a PAC -- as of Windows 2003, the maximum ticket size is 12000 bytes. MUAs that use AUTH GSSAPI without an initial-response are not impacted by the 2048 limit, since the remainder of the SASL session is handled by auth_get_data in Exim, which uses big_buffer and has sufficient space to process large Kerberos tickets. Thunderbird will always send an AUTH GSSAPI with an initial-response, which makes it subject to the 2048 byte limit. A large Kerberos ticket will easily surpass 2048 bytes when base64-encoded, causing the AUTH to fail. RFC 4954 recommends 12288 bytes as a line limit to handle AUTH. For a base64 encoded max-size Windows Kerberos ticket, at least 16000 bytes are needed. This bug is fixed upstream (4.77). [Impact] smtp_cmd_buffer_size is currently 2048 bytes. 2048 bytes is not sufficient for clients that send an AUTH with an initial-response for GSSAPI when Windows Kerberos tickets are used that contain a PAC. For a base64 encoded max-size Windows Kerberos ticket, at least 16000 bytes are needed. [Test Case] 1. Configure exim4 to use GSSAPI auth. 2. Configure thunderbird to use GSSAPI smtp auth on windows xp/vista/7/2003/2008. 3. Auth will always fail. [Regression Potential] The fix for this bug is one-line-patch applied to upstream (4.77) more than year ago, so it already has got sufficient testing. ** Affects: exim4 (Ubuntu) Importance: Undecided Status: New -- AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related) https://bugs.launchpad.net/bugs/1088136 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1088136] [NEW] AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related)
Public bug reported: smtp_cmd_buffer_size is currently 2048 bytes. 2048 bytes is not sufficient for clients that send an AUTH with an initial-response for GSSAPI when Windows Kerberos tickets are used that contain a PAC -- as of Windows 2003, the maximum ticket size is 12000 bytes. MUAs that use AUTH GSSAPI without an initial-response are not impacted by the 2048 limit, since the remainder of the SASL session is handled by auth_get_data in Exim, which uses big_buffer and has sufficient space to process large Kerberos tickets. Thunderbird will always send an AUTH GSSAPI with an initial-response, which makes it subject to the 2048 byte limit. A large Kerberos ticket will easily surpass 2048 bytes when base64-encoded, causing the AUTH to fail. RFC 4954 recommends 12288 bytes as a line limit to handle AUTH. For a base64 encoded max-size Windows Kerberos ticket, at least 16000 bytes are needed. This bug is fixed upstream (4.77). It would be nice to backport it to precise. [Impact] smtp_cmd_buffer_size is currently 2048 bytes. 2048 bytes is not sufficient for clients that send an AUTH with an initial-response for GSSAPI when Windows Kerberos tickets are used that contain a PAC. For a base64 encoded max-size Windows Kerberos ticket, at least 16000 bytes are needed. [Test Case] 1. Configure exim4 to use GSSAPI auth. 2. Configure thunderbird to use GSSAPI smtp auth on windows xp/vista/7/2003/2008. 3. Auth will always fail. [Regression Potential] The fix for this bug is one-line-patch applied to upstream (4.77) more than year ago, so it already has got sufficient testing. ** Affects: exim Importance: Unknown Status: Unknown ** Affects: exim4 (Ubuntu) Importance: Undecided Status: New ** Package changed: heimdal (Ubuntu) = exim4 (Ubuntu) ** Description changed: smtp_cmd_buffer_size is currently 2048 bytes. 2048 bytes is not sufficient for clients that send an AUTH with an initial-response for GSSAPI when Windows Kerberos tickets are used that contain a PAC -- as of Windows 2003, the maximum ticket size is 12000 bytes. MUAs that use AUTH GSSAPI without an initial-response are not impacted by the 2048 limit, since the remainder of the SASL session is handled by auth_get_data in Exim, which uses big_buffer and has sufficient space to process large Kerberos tickets. Thunderbird will always send an AUTH GSSAPI with an initial-response, which makes it subject to the 2048 byte limit. A large Kerberos ticket will easily surpass 2048 bytes when base64-encoded, causing the AUTH to fail. RFC 4954 recommends 12288 bytes as a line limit to handle AUTH. For a base64 - encoded max-size Windows Kerberos ticket, at least 16000 bytes are needed. + encoded max-size Windows Kerberos ticket, at least 16000 bytes are needed. - This bug is fixed upstream (4.77). + This bug is fixed upstream (4.77). It would be nice to backport it to + precise. [Impact] smtp_cmd_buffer_size is currently 2048 bytes. 2048 bytes is not sufficient for clients that send an AUTH with an initial-response for GSSAPI when Windows Kerberos tickets are used that contain a PAC. For a base64 encoded max-size Windows Kerberos ticket, at least 16000 bytes are needed. [Test Case] 1. Configure exim4 to use GSSAPI auth. 2. Configure thunderbird to use GSSAPI smtp auth on windows xp/vista/7/2003/2008. 3. Auth will always fail. [Regression Potential] The fix for this bug is one-line-patch applied to upstream (4.77) more than year ago, so it already has got sufficient testing. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/1088136 Title: AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related) To manage notifications about this bug go to: https://bugs.launchpad.net/exim/+bug/1088136/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1088136] Re: AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related)
This debdiff includes fix for this bug. ** Patch added: exim4 debdiff https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1088136/+attachment/3455194/+files/exim4.debdiff ** Bug watch added: bugs.exim.org/ #879 http://bugs.exim.org/show_bug.cgi?id=879 ** Also affects: exim via http://bugs.exim.org/show_bug.cgi?id=879 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/1088136 Title: AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related) To manage notifications about this bug go to: https://bugs.launchpad.net/exim/+bug/1088136/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1088160] [NEW] ovs-brcompatd: could not open brcompat socket. Check brcompat kernel module.
Public bug reported: Hello, after installation of openvswitch packages I'm not able to start brcompat service. I used package openvswitch-datapath-dkms. brcompat module is loaded # lsmod | grep brcompat brcompat 12387 0 # service openvswitch-switch status ovsdb-server is running with pid 4689 ovs-vswitchd is running with pid 4698 ovs-brcompatd is not running when I try to restart openvswitch services it end up with error message: # service openvswitch-switch restart * ovs-brcompatd is not running * Killing ovs-vswitchd (8226) * Killing ovsdb-server (8217) * Starting ovsdb-server * Configuring Open vSwitch system IDs * Starting ovs-vswitchd ovs-brcompatd: could not open brcompat socket. Check brcompat kernel module. * Starting ovs-brcompatd I tried to compile module # module-assistant auto-install openvswitch-datapath but it was terminated with error install: cannot stat `openvswitch/datapath/linux/*_mod.ko': No such file or directory # 'lsb_release -rd' Description:Ubuntu 12.10 Release:12.10 # apt-cache policy openvswitch-datapath-dkms openvswitch-datapath-dkms: Installed: 1.4.3-0ubuntu2 Candidate: 1.4.3-0ubuntu2 Version table: *** 1.4.3-0ubuntu2 0 500 http://sk.archive.ubuntu.com/ubuntu/ quantal-updates/universe amd64 Packages 100 /var/lib/dpkg/status ** Affects: openvswitch (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvswitch in Ubuntu. https://bugs.launchpad.net/bugs/1088160 Title: ovs-brcompatd: could not open brcompat socket. Check brcompat kernel module. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1088160/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1088136] Re: AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related)
** Changed in: exim Status: Unknown = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/1088136 Title: AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related) To manage notifications about this bug go to: https://bugs.launchpad.net/exim/+bug/1088136/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 645625] Re: lxc container can power-off host machine
thanks for your infomation,Serge -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/645625 Title: lxc container can power-off host machine To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/645625/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1077897] Re: Cron quota script not working for groups
** Changed in: quota (Debian) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to quota in Ubuntu. https://bugs.launchpad.net/bugs/1077897 Title: Cron quota script not working for groups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quota/+bug/1077897/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1088053] Re: Kernel needs to provide FIFREEZE/FITHAW ioctl so that open-vm-dkms can build
** Changed in: linux (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to open-vm-tools in Ubuntu. https://bugs.launchpad.net/bugs/1088053 Title: Kernel needs to provide FIFREEZE/FITHAW ioctl so that open-vm-dkms can build To manage notifications about this bug go to: https://bugs.launchpad.net/open-vm-tools/+bug/1088053/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1088235] [NEW] package puppetmaster-passenger 2.7.18-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Public bug reported: I was trying to install apt-get install puppet-* ProblemType: Package DistroRelease: Ubuntu 12.10 Package: puppetmaster-passenger 2.7.18-1ubuntu1 ProcVersionSignature: Ubuntu 3.5.0-19.30-generic 3.5.7 Uname: Linux 3.5.0-19-generic i686 ApportVersion: 2.6.1-0ubuntu6 Architecture: i386 Date: Sun Dec 9 22:23:52 2012 ErrorMessage: subprocess installed post-installation script returned error exit status 1 InstallationDate: Installed on 2012-12-08 (1 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release i386 (20121017.2) MarkForUpload: True PackageArchitecture: all SourcePackage: puppet Title: package puppetmaster-passenger 2.7.18-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: puppet (Ubuntu) Importance: Undecided Status: New ** Tags: apport-package i386 quantal third-party-packages -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1088235 Title: package puppetmaster-passenger 2.7.18-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1088235/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1086162] Re: IPMI based power management default to IPMI 1.5 based authentication
** Changed in: maas Status: Confirmed = Triaged ** Tags added: power -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to maas in Ubuntu. https://bugs.launchpad.net/bugs/1086162 Title: IPMI based power management default to IPMI 1.5 based authentication To manage notifications about this bug go to: https://bugs.launchpad.net/maas/+bug/1086162/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1088312] [NEW] package setserial 2.17-47 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Public bug reported: Upgrade from Lubuntu 12.04 64bit to 12.10. Setserial fails, uninstalling and reinstalling package results in the same error. ProblemType: Package DistroRelease: Ubuntu 12.10 Package: setserial 2.17-47 ProcVersionSignature: Ubuntu 3.5.0-19.30-generic 3.5.7 Uname: Linux 3.5.0-19-generic x86_64 ApportVersion: 2.6.1-0ubuntu6 Architecture: amd64 Date: Mon Dec 10 02:33:08 2012 ErrorMessage: subprocess installed post-installation script returned error exit status 1 MarkForUpload: True SourcePackage: setserial Title: package setserial 2.17-47 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: Upgraded to quantal on 2012-12-10 (0 days ago) ** Affects: setserial (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package quantal -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to setserial in Ubuntu. https://bugs.launchpad.net/bugs/1088312 Title: package setserial 2.17-47 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/setserial/+bug/1088312/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 802117] Re: juju ssh/scp commands cause spurious key errors, should use a different known_hosts file
** Changed in: juju-core Milestone: 1.9.4 = 1.9.5 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/802117 Title: juju ssh/scp commands cause spurious key errors, should use a different known_hosts file To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/802117/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064224] Re: IPMI detection ends up with power_address of 0.0.0.0
** Changed in: maas Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to maas in Ubuntu. https://bugs.launchpad.net/bugs/1064224 Title: IPMI detection ends up with power_address of 0.0.0.0 To manage notifications about this bug go to: https://bugs.launchpad.net/maas/+bug/1064224/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1006966] Re: maas mirror values are overwritten by cloud-init
** Changed in: maas Status: Triaged = Fix Released ** Changed in: maas Assignee: (unassigned) = Scott Moser (smoser) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1006966 Title: maas mirror values are overwritten by cloud-init To manage notifications about this bug go to: https://bugs.launchpad.net/maas/+bug/1006966/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1073082] Re: Login always warns about fsck, but doesn't actually fsck on reboot
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: cloud-init (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1073082 Title: Login always warns about fsck, but doesn't actually fsck on reboot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1073082/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064747] Re: Can't boot OSX DVD
[Expired for qemu-kvm (Ubuntu) because there has been no activity for 60 days.] ** Changed in: qemu-kvm (Ubuntu) Status: Incomplete = Expired -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1064747 Title: Can't boot OSX DVD To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/1064747/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 802400] Re: mysql help sends unchecked contents to mysqld
** Changed in: percona-server Status: Confirmed = Triaged -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.1 in Ubuntu. https://bugs.launchpad.net/bugs/802400 Title: mysql help sends unchecked contents to mysqld To manage notifications about this bug go to: https://bugs.launchpad.net/maria/+bug/802400/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1076461] Re: unmatched entries for smartd
Also: smartd 5.41 2011-06-09 r3365 [x86_64-linux-3.2.0-33-generic] (local build) Copyright (C) 2002-11 by Bruce Allen, http://smartmontools.sourceforge.net Device: /dev/sda [SAT], ST95005620AS, S/N:5YX12P01, WWN:5-000c50-038cde7d2, FW:SD26, 500 GB Device: /dev/sdb [SAT], WDC WD3200BEKT-22F3T0, S/N:WD-WXM908SJ1447, WWN:5-0014ee-2023443ed, FW:11.01A11, 320 GB -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to logwatch in Ubuntu. https://bugs.launchpad.net/bugs/1076461 Title: unmatched entries for smartd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1076461/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1082699] Re: cannot copy to samba share
This is a more complete discription of my problem which I do not believe to be a configuration problem. I have an Ubuntu 12.04 Server with Samba set up. I have an Ubuntu 12.10 Desktop, an Ubuntu 12.10 Laptop and a Windows 8 Surface Tablet. A) The Laptop or Desktop try to copy a file of any size and type to the server via samba - grey window (freeze) which recovers after a few seconds yet reports timeout. A file is created at the destination (size= 0 bytes). The Copy window progress bar never moves beyond 0 bytes. This is easily reproducible. B) The Windows 8 PC can copy files to the Samba Share on my Ubuntu 12.04 Server without problems. C) The Ubuntu 12.10 PCs can copy files to each other without problems D) The Ubuntu 12.10 PC can copy files to the Surface Tablet without problems. This sounds like a bug to me as copying used to work before I upgraded and I certainly did not make any omnious changes to both my Ubuntu 12.10 PCs. I gather that it is not a problem with my server as my Tablet can copy files to that system with no problems. Accessing files on the remote share is not a problem with ubuntu 12.10 by the way. I will try to update my Server to 12.10 and report back if that helped. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1082699 Title: cannot copy to samba share To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1082699/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
