[Bug 978458] Re: CVE-2012-1182: "root" credential remote code execution
Launchpad has imported 9 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=811392. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2012-04-10T21:35:42+00:00 Vincent wrote: This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions. For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please include this bug ID and the bug IDs of this bug's parent bugs filed against the "Security Response" product (the top-level CVE bugs). Please mention the CVE IDs being fixed in the RPM changelog when available. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security=804093 Please note: this issue affects multiple supported versions of Fedora. Only one tracking bug has been filed; please ensure that it is only closed when all affected versions are fixed. [bug automatically created by: add-tracking-bugs] Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/4 On 2012-04-11T13:06:14+00:00 Jan wrote: *** Bug 811543 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/8 On 2012-04-12T14:49:04+00:00 Fedora wrote: samba-3.6.4-82.fc17.1 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/samba-3.6.4-82.fc17.1 Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/9 On 2012-04-12T14:49:36+00:00 Fedora wrote: samba-3.6.4-82.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/samba-3.6.4-82.fc16 Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/10 On 2012-04-12T14:50:38+00:00 Fedora wrote: samba-3.5.14-73.fc15.1 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/samba-3.5.14-73.fc15.1 Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/11 On 2012-04-13T06:12:11+00:00 Fedora wrote: Package samba-3.6.4-82.fc17.1: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing samba-3.6.4-82.fc17.1' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-5793/samba-3.6.4-82.fc17.1 then log in and leave karma (feedback). Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/23 On 2012-04-13T21:34:14+00:00 Fedora wrote: samba-3.6.4-82.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/26 On 2012-04-18T23:09:15+00:00 Fedora wrote: samba-3.6.4-82.fc17.1 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/27 On 2012-04-22T03:27:08+00:00 Fedora wrote: samba-3.5.14-73.fc15.1 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/28 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: "root" credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: "root" credential remote code execution
Launchpad has imported 14 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=804093. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2012-03-16T14:12:07+00:00 Jan wrote: Multiple heap-based buffer overflow flaws were found in the way the code generated by Perl-based DCE/RPC IDL (PIDL) compiler of the Samba suite performed array memory allocation. Memory for an array having an is_size() attribute has been allocated based on the array length, which was provided by the Network Data Representation (NDR) marshalling code (converting parameters provided to the RPC call by the client to the NDR). On the other hand the loop retrieving array elements for a particular array used variable indicated by the size_is() attribute. A remote attacker could provide a specially-crafted remote procedure call (RPC) parameters, which once processed by the marshalling code of the Samba server would lead to Samba daemon (smbd) crash, or, potentially arbitrary code execution with the privileges of the user running the server. Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/0 On 2012-04-10T16:44:20+00:00 Vincent wrote: This has been corrected in upstream 3.6.4, 3.5.14, and 3.4.16. External References: http://www.samba.org/samba/history/samba-3.6.4.html Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/1 On 2012-04-10T20:22:59+00:00 errata-xmlrpc wrote: This issue has been addressed in following products: Red Hat Enterprise Linux 5.6 EUS - Server Only Red Hat Enterprise Linux 5 Via RHSA-2012:0466 https://rhn.redhat.com/errata/RHSA-2012-0466.html Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/2 On 2012-04-10T21:13:14+00:00 errata-xmlrpc wrote: This issue has been addressed in following products: Red Hat Enterprise Linux 5.3 Long Life Red Hat Enterprise Linux 5.6 EUS - Server Only Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6.0 EUS - Server Only Red Hat Enterprise Linux 6.1 EUS - Server Only Red Hat Enterprise Linux 6 Via RHSA-2012:0465 https://rhn.redhat.com/errata/RHSA-2012-0465.html Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/3 On 2012-04-10T21:35:49+00:00 Vincent wrote: Created samba tracking bugs for this issue Affects: fedora-all [bug 811392] Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/4 On 2012-04-12T14:56:29+00:00 Gwyn wrote: Rawhide has been updated, updates have been created for f17, f16 and f15. Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/7 On 2012-04-13T08:50:14+00:00 Huzaifa wrote: Created samba4 tracking bugs for this issue Affects: fedora-all [bug 812257] Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/18 On 2012-04-13T13:54:40+00:00 errata-xmlrpc wrote: This issue has been addressed in following products: Red Hat Enterprise Linux 4 Extended Lifecycle Support Via RHSA-2012:0478 https://rhn.redhat.com/errata/RHSA-2012-0478.html Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/19 On 2012-04-25T13:27:15+00:00 Tomas wrote: Statement: This issue did not affect the versions of samba packages as shipped with Red Hat Enterprise Linux 3. The samba packages are also excluded from the Red Hat Enterprise Linux 3 Extended Life Cycle Support coverage: http://www.redhat.com/rhel/server/extended_lifecycle_support/exclusions/ Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/20 On 2012-05-15T23:28:25+00:00 Fedora wrote: samba4-4.0.0-38.alpha16.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/comments/21 On 2012-09-07T03:52:48+00:00 Huzaifa wrote: Statement: This issue affects the version of samba4, openchange and evolution-mapi packages as shipped with
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Changed in: samba (Debian) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Changed in: samba (Debian) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Also affects: samba (Ubuntu Precise) Importance: High Assignee: Tyler Hicks (tyhicks) Status: Confirmed ** Changed in: samba (Ubuntu Precise) Milestone: None = ubuntu-12.04 ** Changed in: samba (Ubuntu Precise) Status: Confirmed = In Progress ** Tags added: rls-p-tracking -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Also affects: samba (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Oneiric) Importance: Undecided Status: New ** Changed in: samba (Ubuntu Lucid) Status: New = In Progress ** Changed in: samba (Ubuntu Lucid) Importance: Undecided = High ** Changed in: samba (Ubuntu Lucid) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu Natty) Status: New = In Progress ** Changed in: samba (Ubuntu Natty) Importance: Undecided = High ** Changed in: samba (Ubuntu Natty) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu Oneiric) Status: New = In Progress ** Changed in: samba (Ubuntu Oneiric) Importance: Undecided = High ** Changed in: samba (Ubuntu Oneiric) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu Hardy) Status: New = In Progress ** Changed in: samba (Ubuntu Hardy) Importance: Undecided = High ** Changed in: samba (Ubuntu Hardy) Assignee: (unassigned) = Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Here is my proposed debdiff for Precise. I'll need a sponsor for this to make it into the release. I've built a package locally with this debdiff. I sanity checked it using the 'umt compare-log', 'umt compare-bin', and 'umt check' tools. I tested it with the reproducers from ZDI, as well as test-samba.py in the qa-regression-testing project. The reproducers were mitigated with the update and tset-samba.py passed successfully. ** Patch added: samba_3.6.3-2ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+attachment/3054702/+files/samba_3.6.3-2ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Hi Tyler, +1 on the diff, that looks good. Note that an alternative to shipping the second patch is to update the generated files from the package itself, so the diff isn't massive; this would require adding make -C source3 samba3-idl as part of the build step and adding libparse-yapp-perl to the build dependencies. I should be able to sponsor, though it's well past my EOD, so it might be better if somebody else could. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Thanks Jelmer! You've probably already noticed, but jdstrand has sponsored it. I was wondering if we could generate the PIDL generated code at build time, but I decided against it for sake of making cherry-picking from upstream stable branches easy in the future. Upstream has reran the PIDL compiler and committed that as a change, so any new security backports that they do will be based upon the regenerated code. It seems like it would be in our best interest to follow what upstream did. Any thoughts? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Ok, now I see that the 3.6 upstream branch places the samba3-idl target underneath 'make all', so I assume that they are now relying on the code generation to happen at build time. Can you confirm this, Jelmer? If that's the case, then we probably do want to follow that convention in our 3.6.x and later packages (currently only found in Precise). The reason is that if we don't do it at build time, but upstream does, one of their patches that we cherry-pick could theoritically need to be ran through PIDL to make proper changes. I _think_ that's the case, but I'm still not quite knowldgeable on the PIDL compiler to know for sure. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
The attachment samba_3.6.3-2ubuntu2.debdiff of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu- sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu- sponsors team please also unsubscribe the team from this bug report. [This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Branch linked: lp:ubuntu/precise-proposed/samba -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.5.11~dfsg-1ubuntu2.2 --- samba (2:3.5.11~dfsg-1ubuntu2.2) oneiric-security; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Oneiric) Status: In Progress = Fix Released ** Changed in: samba (Ubuntu Natty) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.5.8~dfsg-1ubuntu2.4 --- samba (2:3.5.8~dfsg-1ubuntu2.4) natty-security; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Lucid) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.4.7~dfsg-1ubuntu3.9 --- samba (2:3.4.7~dfsg-1ubuntu3.9) lucid-security; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Hardy) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 3.0.28a-1ubuntu4.18 --- samba (3.0.28a-1ubuntu4.18) hardy-security; urgency=low [ Steve Beattie ] * SECURITY UPDATE: unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/security-CVE-2012-1182.patch: make variable length check be consistent with memory allocation size computation. - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Branch linked: lp:ubuntu/lucid-security/samba ** Branch linked: lp:ubuntu/oneiric-security/samba ** Branch linked: lp:ubuntu/natty-security/samba ** Branch linked: lp:ubuntu/hardy-security/samba -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.6.3-2ubuntu2 --- samba (2:3.6.3-2ubuntu2) precise-proposed; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Precise) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Also affects: samba (Ubuntu Precise) Importance: High Assignee: Tyler Hicks (tyhicks) Status: Confirmed ** Changed in: samba (Ubuntu Precise) Milestone: None = ubuntu-12.04 ** Changed in: samba (Ubuntu Precise) Status: Confirmed = In Progress ** Tags added: rls-p-tracking -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Also affects: samba (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Oneiric) Importance: Undecided Status: New ** Changed in: samba (Ubuntu Lucid) Status: New = In Progress ** Changed in: samba (Ubuntu Lucid) Importance: Undecided = High ** Changed in: samba (Ubuntu Lucid) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu Natty) Status: New = In Progress ** Changed in: samba (Ubuntu Natty) Importance: Undecided = High ** Changed in: samba (Ubuntu Natty) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu Oneiric) Status: New = In Progress ** Changed in: samba (Ubuntu Oneiric) Importance: Undecided = High ** Changed in: samba (Ubuntu Oneiric) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu Hardy) Status: New = In Progress ** Changed in: samba (Ubuntu Hardy) Importance: Undecided = High ** Changed in: samba (Ubuntu Hardy) Assignee: (unassigned) = Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Here is my proposed debdiff for Precise. I'll need a sponsor for this to make it into the release. I've built a package locally with this debdiff. I sanity checked it using the 'umt compare-log', 'umt compare-bin', and 'umt check' tools. I tested it with the reproducers from ZDI, as well as test-samba.py in the qa-regression-testing project. The reproducers were mitigated with the update and tset-samba.py passed successfully. ** Patch added: samba_3.6.3-2ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+attachment/3054702/+files/samba_3.6.3-2ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Hi Tyler, +1 on the diff, that looks good. Note that an alternative to shipping the second patch is to update the generated files from the package itself, so the diff isn't massive; this would require adding make -C source3 samba3-idl as part of the build step and adding libparse-yapp-perl to the build dependencies. I should be able to sponsor, though it's well past my EOD, so it might be better if somebody else could. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Thanks Jelmer! You've probably already noticed, but jdstrand has sponsored it. I was wondering if we could generate the PIDL generated code at build time, but I decided against it for sake of making cherry-picking from upstream stable branches easy in the future. Upstream has reran the PIDL compiler and committed that as a change, so any new security backports that they do will be based upon the regenerated code. It seems like it would be in our best interest to follow what upstream did. Any thoughts? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Ok, now I see that the 3.6 upstream branch places the samba3-idl target underneath 'make all', so I assume that they are now relying on the code generation to happen at build time. Can you confirm this, Jelmer? If that's the case, then we probably do want to follow that convention in our 3.6.x and later packages (currently only found in Precise). The reason is that if we don't do it at build time, but upstream does, one of their patches that we cherry-pick could theoritically need to be ran through PIDL to make proper changes. I _think_ that's the case, but I'm still not quite knowldgeable on the PIDL compiler to know for sure. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
The attachment samba_3.6.3-2ubuntu2.debdiff of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu- sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu- sponsors team please also unsubscribe the team from this bug report. [This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Branch linked: lp:ubuntu/precise-proposed/samba -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.5.11~dfsg-1ubuntu2.2 --- samba (2:3.5.11~dfsg-1ubuntu2.2) oneiric-security; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Oneiric) Status: In Progress = Fix Released ** Changed in: samba (Ubuntu Natty) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.5.8~dfsg-1ubuntu2.4 --- samba (2:3.5.8~dfsg-1ubuntu2.4) natty-security; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Lucid) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.4.7~dfsg-1ubuntu3.9 --- samba (2:3.4.7~dfsg-1ubuntu3.9) lucid-security; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Hardy) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 3.0.28a-1ubuntu4.18 --- samba (3.0.28a-1ubuntu4.18) hardy-security; urgency=low [ Steve Beattie ] * SECURITY UPDATE: unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/security-CVE-2012-1182.patch: make variable length check be consistent with memory allocation size computation. - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Branch linked: lp:ubuntu/lucid-security/samba ** Branch linked: lp:ubuntu/oneiric-security/samba ** Branch linked: lp:ubuntu/natty-security/samba ** Branch linked: lp:ubuntu/hardy-security/samba -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
This bug was fixed in the package samba - 2:3.6.3-2ubuntu2 --- samba (2:3.6.3-2ubuntu2) precise-proposed; urgency=low * SECURITY UPDATE: Unauthenticated remote code execution via RPC calls (LP: #978458) - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code that uses the same value for array allocation and array length checks. Based on upstream patch. - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with the patched PIDL compiler - CVE-2012-1182 -- Tyler Hicks tyhi...@canonical.com Thu, 12 Apr 2012 05:28:44 -0500 ** Changed in: samba (Ubuntu Precise) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Thanks, Ryan! We are aware of the issue and we are currently working on an update. ** Changed in: samba (Ubuntu) Status: New = Confirmed ** Changed in: samba (Ubuntu) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Changed in: samba (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
Thanks, Ryan! We are aware of the issue and we are currently working on an update. ** Changed in: samba (Ubuntu) Status: New = Confirmed ** Changed in: samba (Ubuntu) Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: samba (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Changed in: samba (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 978458] Re: CVE-2012-1182: root credential remote code execution
** Bug watch added: Red Hat Bugzilla #804093 https://bugzilla.redhat.com/show_bug.cgi?id=804093 ** Also affects: samba (CentOS) via https://bugzilla.redhat.com/show_bug.cgi?id=804093 Importance: Unknown Status: Unknown ** Bug watch added: Red Hat Bugzilla #811392 https://bugzilla.redhat.com/show_bug.cgi?id=811392 ** Also affects: samba (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=811392 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/978458 Title: CVE-2012-1182: root credential remote code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
