Your message dated Sun, 14 Feb 2010 06:33:44 +0000
with message-id <e1ngy36-0006pz...@ries.debian.org>
and subject line Bug#567554: fixed in samba 2:3.4.5~dfsg-2
has caused the Debian Bug report #567554,
regarding Privilege escalation in mount.cifs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
567554: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567554
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: smbfs
Severity: grave
Tags: security

This is CVE-2009-3297:
https://bugzilla.samba.org/show_bug.cgi?id=6853

/usr/share/doc/smbfs/TODO.Debian states:
  There is concern about the setuid status of binaries in this package.
  The audit status of the concerned binaries is unclear.  We should
  figure out whether it is reasonable to provide the flexible user mount
  capabilities or whether a more restricted setup is better, at least by
  default.

Given that Jeremy Allison writes in the bug above you should probably
drop the setuid for Squeeze:

   ------- Comment #2 From Jeremy Allison 2009-10-28 12:51:31 CST -------

 I object strongly to dealing with this as a Samba security issue. This code has
 not been audited AND MUST NOT BE SHIPPED SETUID root.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages smbfs depends on:
ii  libc6                2.10.2-2            GNU C Library: Shared libraries
ii  libcomerr2           1.41.9-1            common error description library
ii  libkeyutils1         1.2-12              Linux Key Management Utilities (li
ii  libkrb53             1.6.dfsg.4~beta1-13 Transitional library package/krb4 
ii  libldap-2.4-2        2.4.17-2.1          OpenLDAP libraries
ii  libpopt0             1.15-1              lib for parsing cmdline parameters
pn  libtalloc1           <none>              (no description available)
ii  libwbclient0         2:3.4.3-2           Samba winbind client library
ii  netbase              4.40                Basic TCP/IP networking system
pn  samba-common         <none>              (no description available)

smbfs recommends no packages.

Versions of packages smbfs suggests:
pn  smbclient                     <none>     (no description available)



--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:3.4.5~dfsg-2

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_3.4.5~dfsg-2_i386.deb
  to main/s/samba/libpam-smbpass_3.4.5~dfsg-2_i386.deb
libsmbclient-dev_3.4.5~dfsg-2_i386.deb
  to main/s/samba/libsmbclient-dev_3.4.5~dfsg-2_i386.deb
libsmbclient_3.4.5~dfsg-2_i386.deb
  to main/s/samba/libsmbclient_3.4.5~dfsg-2_i386.deb
libwbclient0_3.4.5~dfsg-2_i386.deb
  to main/s/samba/libwbclient0_3.4.5~dfsg-2_i386.deb
samba-common-bin_3.4.5~dfsg-2_i386.deb
  to main/s/samba/samba-common-bin_3.4.5~dfsg-2_i386.deb
samba-common_3.4.5~dfsg-2_all.deb
  to main/s/samba/samba-common_3.4.5~dfsg-2_all.deb
samba-dbg_3.4.5~dfsg-2_i386.deb
  to main/s/samba/samba-dbg_3.4.5~dfsg-2_i386.deb
samba-doc-pdf_3.4.5~dfsg-2_all.deb
  to main/s/samba/samba-doc-pdf_3.4.5~dfsg-2_all.deb
samba-doc_3.4.5~dfsg-2_all.deb
  to main/s/samba/samba-doc_3.4.5~dfsg-2_all.deb
samba-tools_3.4.5~dfsg-2_i386.deb
  to main/s/samba/samba-tools_3.4.5~dfsg-2_i386.deb
samba_3.4.5~dfsg-2.debian.tar.gz
  to main/s/samba/samba_3.4.5~dfsg-2.debian.tar.gz
samba_3.4.5~dfsg-2.dsc
  to main/s/samba/samba_3.4.5~dfsg-2.dsc
samba_3.4.5~dfsg-2_i386.deb
  to main/s/samba/samba_3.4.5~dfsg-2_i386.deb
smbclient_3.4.5~dfsg-2_i386.deb
  to main/s/samba/smbclient_3.4.5~dfsg-2_i386.deb
smbfs_3.4.5~dfsg-2_i386.deb
  to main/s/samba/smbfs_3.4.5~dfsg-2_i386.deb
swat_3.4.5~dfsg-2_i386.deb
  to main/s/samba/swat_3.4.5~dfsg-2_i386.deb
winbind_3.4.5~dfsg-2_i386.deb
  to main/s/samba/winbind_3.4.5~dfsg-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 567...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubu...@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 13 Feb 2010 14:36:33 +0100
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat 
samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev 
winbind samba-dbg libwbclient0
Architecture: source all i386
Version: 2:3.4.5~dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubu...@debian.org>
Description: 
 libpam-smbpass - pluggable authentication module for Samba
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient0 - Samba winbind client library
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - common files used by both the Samba server and client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation in PDF format
 samba-tools - Samba testing utilities
 smbclient  - command-line SMB/CIFS clients for Unix
 smbfs      - Samba file system utilities
 swat       - Samba Web Administration Tool
 winbind    - Samba nameservice integration server
Closes: 566946 567554
Changes: 
 samba (2:3.4.5~dfsg-2) unstable; urgency=low
 .
   [ Steve Langasek ]
   * Revert the "bashisms" fix from version 2:3.3.0~rc2-4; "local foo=bar"
     is explicitly allowed by Policy now, and this change introduced a
     syntax error.  Closes: #566946.
 .
   [ Christian Perrier ]
   * No longer make (u)mount.cifs setuid root. Add a notice
     about this in the package's NEWS.Debian file
     Closes: #567554
   * Use dh_lintian instead of manual install of lintian overrides
   * Updated Standards to 3.8.4 (checked, no change)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLdsqI1OXtrMAUPS0RAtwgAJ996g/4+3ubXtiXXrgSPUZnE1n4zACfVjcP
PR9tDfjJGM9zgx5kjNL6NmY=
=UdEU
-----END PGP SIGNATURE-----



--- End Message ---
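
Added example (not part of the bug report or of the Debian package): a check an administrator could run after upgrading to confirm that the mount helpers no longer carry the setuid-root bit. The function names are hypothetical, and the helper paths are passed as arguments because the report does not state where the binaries are installed.

```shell
#!/bin/sh
# Added example: report whether mount helpers still carry the setuid bit.
# Paths are supplied by the caller (assumption: the report names no paths).

# suid_status PATH -> prints one of:
#   missing | not-setuid | setuid-root | setuid-uid=N
suid_status() {
    path=$1
    if [ ! -e "$path" ]; then
        echo missing
        return 0
    fi
    if [ ! -u "$path" ]; then          # -u: set-user-ID bit is set
        echo not-setuid
        return 0
    fi
    # Field 3 of "ls -ldn" is the numeric owner uid.
    owner=$(ls -ldn -- "$path" | awk '{print $3}')
    if [ "$owner" = 0 ]; then
        echo setuid-root
    else
        echo "setuid-uid=$owner"
    fi
}

# audit_helpers PATH... -> one line per path; returns 1 if any is setuid-root
audit_helpers() {
    rc=0
    for p in "$@"; do
        s=$(suid_status "$p")
        printf '%s: %s\n' "$p" "$s"
        [ "$s" = setuid-root ] && rc=1
    done
    return $rc
}

# Stand-alone use: pass the helper paths on the command line.
if [ "$#" -gt 0 ]; then
    audit_helpers "$@" || echo "WARNING: setuid-root helper found" >&2
fi
```

Run it with the installed locations of mount.cifs and umount.cifs as arguments; a "setuid-root" line means the binary still has the mode this upload removes.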
