Your message dated Sun, 14 Feb 2010 06:33:44 +0000
with message-id <e1ngy36-0006pz...@ries.debian.org>
and subject line Bug#567554: fixed in samba 2:3.4.5~dfsg-2
has caused the Debian Bug report #567554,
regarding Privilege escalation in mount.cifs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
567554: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567554
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: smbfs
Severity: grave
Tags: security
This is CVE-2009-3297:
https://bugzilla.samba.org/show_bug.cgi?id=6853
/usr/share/doc/smbfs/TODO.Debian states:
There is concern about the setuid status of binaries in this package.
The audit status of the concerned binaries is unclear. We should
figure out whether it is reasonable to provide the flexible user mount
capabilities or whether a more restricted setup is better, at least by
default.
Given what Jeremy Allison writes in the bug above, you should probably
drop the setuid for Squeeze:
------- Comment #2 From Jeremy Allison 2009-10-28 12:51:31 CST -------
I object strongly to dealing with this as a Samba security issue. This code has
not been audited AND MUST NOT BE SHIPPED SETUID root.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages smbfs depends on:
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libcomerr2 1.41.9-1 common error description library
ii libkeyutils1 1.2-12 Linux Key Management Utilities (li
ii libkrb53 1.6.dfsg.4~beta1-13 Transitional library package/krb4
ii libldap-2.4-2 2.4.17-2.1 OpenLDAP libraries
ii libpopt0 1.15-1 lib for parsing cmdline parameters
pn libtalloc1 <none> (no description available)
ii libwbclient0 2:3.4.3-2 Samba winbind client library
ii netbase 4.40 Basic TCP/IP networking system
pn samba-common <none> (no description available)
smbfs recommends no packages.
Versions of packages smbfs suggests:
pn smbclient <none> (no description available)
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:3.4.5~dfsg-2
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.4.5~dfsg-2_i386.deb
to main/s/samba/libpam-smbpass_3.4.5~dfsg-2_i386.deb
libsmbclient-dev_3.4.5~dfsg-2_i386.deb
to main/s/samba/libsmbclient-dev_3.4.5~dfsg-2_i386.deb
libsmbclient_3.4.5~dfsg-2_i386.deb
to main/s/samba/libsmbclient_3.4.5~dfsg-2_i386.deb
libwbclient0_3.4.5~dfsg-2_i386.deb
to main/s/samba/libwbclient0_3.4.5~dfsg-2_i386.deb
samba-common-bin_3.4.5~dfsg-2_i386.deb
to main/s/samba/samba-common-bin_3.4.5~dfsg-2_i386.deb
samba-common_3.4.5~dfsg-2_all.deb
to main/s/samba/samba-common_3.4.5~dfsg-2_all.deb
samba-dbg_3.4.5~dfsg-2_i386.deb
to main/s/samba/samba-dbg_3.4.5~dfsg-2_i386.deb
samba-doc-pdf_3.4.5~dfsg-2_all.deb
to main/s/samba/samba-doc-pdf_3.4.5~dfsg-2_all.deb
samba-doc_3.4.5~dfsg-2_all.deb
to main/s/samba/samba-doc_3.4.5~dfsg-2_all.deb
samba-tools_3.4.5~dfsg-2_i386.deb
to main/s/samba/samba-tools_3.4.5~dfsg-2_i386.deb
samba_3.4.5~dfsg-2.debian.tar.gz
to main/s/samba/samba_3.4.5~dfsg-2.debian.tar.gz
samba_3.4.5~dfsg-2.dsc
to main/s/samba/samba_3.4.5~dfsg-2.dsc
samba_3.4.5~dfsg-2_i386.deb
to main/s/samba/samba_3.4.5~dfsg-2_i386.deb
smbclient_3.4.5~dfsg-2_i386.deb
to main/s/samba/smbclient_3.4.5~dfsg-2_i386.deb
smbfs_3.4.5~dfsg-2_i386.deb
to main/s/samba/smbfs_3.4.5~dfsg-2_i386.deb
swat_3.4.5~dfsg-2_i386.deb
to main/s/samba/swat_3.4.5~dfsg-2_i386.deb
winbind_3.4.5~dfsg-2_i386.deb
to main/s/samba/winbind_3.4.5~dfsg-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 567...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <bubu...@debian.org> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 13 Feb 2010 14:36:33 +0100
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat
samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev
winbind samba-dbg libwbclient0
Architecture: source all i386
Version: 2:3.4.5~dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubu...@debian.org>
Description:
libpam-smbpass - pluggable authentication module for Samba
libsmbclient - shared library for communication with SMB/CIFS servers
libsmbclient-dev - development files for libsmbclient
libwbclient0 - Samba winbind client library
samba - SMB/CIFS file, print, and login server for Unix
samba-common - common files used by both the Samba server and client
samba-common-bin - common files used by both the Samba server and client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation in PDF format
samba-tools - Samba testing utilities
smbclient - command-line SMB/CIFS clients for Unix
smbfs - Samba file system utilities
swat - Samba Web Administration Tool
winbind - Samba nameservice integration server
Closes: 566946 567554
Changes:
samba (2:3.4.5~dfsg-2) unstable; urgency=low
.
[ Steve Langasek ]
* Revert the "bashisms" fix from version 2:3.3.0~rc2-4; "local foo=bar"
is explicitly allowed by Policy now, and this change introduced a
syntax error. Closes: #566946.
.
[ Christian Perrier ]
* No longer make (u)mount.cifs setuid root. Add a notice
about this in the package's NEWS.Debian file
Closes: #567554
* Use dh_lintian instead of manual install of lintian overrides
* Updated Standards to 3.8.4 (checked, no change)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFLdsqI1OXtrMAUPS0RAtwgAJ996g/4+3ubXtiXXrgSPUZnE1n4zACfVjcP
PR9tDfjJGM9zgx5kjNL6NmY=
=UdEU
-----END PGP SIGNATURE-----
--- End Message ---
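A post-upgrade check for the change recorded in the changelog above, as an added example that is not part of the original messages or of the Debian or Samba packaging: it reports whether the CIFS mount helpers still carry the setuid bit and whether the installed smbfs is at least 2:3.4.5~dfsg-2. The function names are hypothetical, and the helper paths are supplied by the caller rather than assumed.

```shell
#!/bin/sh
# Added example: audit the setuid status of the CIFS mount helpers.
# Function names are hypothetical; paths are passed in by the caller.

FIXED_VERSION='2:3.4.5~dfsg-2'   # version named in the closing message

# helper_state FILE -> prints "missing", "setuid" or "clean"
helper_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then       # -u: file exists and has the setuid bit
        echo setuid
    else
        echo clean
    fi
}

# audit_helpers FILE... -> prints one "state<TAB>path" line per file.
# The exit status is the number of files that still have the setuid bit,
# so 0 means no finding.
audit_helpers() {
    findings=0
    for f in "$@"; do
        state=$(helper_state "$f")
        printf '%s\t%s\n' "$state" "$f"
        if [ "$state" = setuid ]; then
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# smbfs_is_fixed -> 0 if the installed smbfs is at or above FIXED_VERSION,
# 1 if it is older, 2 if dpkg is unavailable or smbfs is not installed.
smbfs_is_fixed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    v=$(dpkg-query -W -f='${Version}' smbfs 2>/dev/null) || return 2
    [ -n "$v" ] || return 2
    dpkg --compare-versions "$v" ge "$FIXED_VERSION"
}
```

On a system with the package installed, a typical call is `audit_helpers "$(command -v mount.cifs)" "$(command -v umount.cifs)"`; a `setuid` line after the upgrade means the bit was restored locally.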