Bug#: 222299
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matthias Geerdsen <vorlon@gentoo.org>

Attachments:
  Filename                            Type         Creator           Created                 Size
  samba-3.0.28a-CVE-2008-1105.patch   patch        Robert Buchholz   2008-05-16 10:24 0000   5.64 KB
  samba-3.0.28a-r1.ebuild             text/plain   Tiziano Müller    2008-05-17 12:39 0000   9.17 KB

Description:   Opened: 2008-05-15 17:51 0000
Secunia Research reports a vulnerability in Samba; upstream has been contacted
and is working on a patch. Preliminary disclosure date is 2008-05-28 10am CET.
This is CVE-2008-1105.

The following is an excerpt from the vulnerability report; more details are
available:

Secunia Research has discovered a vulnerability in Samba, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Successful exploitation allows execution of arbitrary code by tricking a
user into connecting to a malicious server (e.g. by clicking an "smb://"
link) or by sending specially crafted packets to an "nmbd" server
configured as a local or domain master browser.

The vulnerability is confirmed in version 3.0.28a. Other versions may
also be affected.
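
Added example, not part of the bug report and not Samba's code: a sketch of the class of check the excerpt refers to, where a length announced by the peer is validated against the caller's actual buffer before any copy. The 4-byte framing, `PROTO_MAX`, and the names `recv_frame` and `demo` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN   4         /* assumed framing: type byte + 3-byte big-endian length */
#define PROTO_MAX 0x1FFFFu  /* hypothetical protocol-wide payload cap */

enum rx_status { RX_OK = 0, RX_TRUNCATED = -1, RX_TOO_BIG = -2 };

/* Payload length announced in the header; fully controlled by the peer. */
static size_t frame_len(const uint8_t *hdr)
{
    return ((size_t)hdr[1] << 16) | ((size_t)hdr[2] << 8) | (size_t)hdr[3];
}

/* Copy one frame from wire[] into buf[]; every length check precedes the copy. */
int recv_frame(const uint8_t *wire, size_t wire_len,
               uint8_t *buf, size_t buflen, size_t *out_len)
{
    if (wire_len < HDR_LEN)
        return RX_TRUNCATED;
    if (buflen < HDR_LEN)
        return RX_TOO_BIG;

    size_t len = frame_len(wire);
    if (len > PROTO_MAX)            /* not a valid length for the protocol */
        return RX_TOO_BIG;
    if (len > buflen - HDR_LEN)     /* valid on the wire, too large for THIS buffer */
        return RX_TOO_BIG;
    if (len > wire_len - HDR_LEN)   /* peer announced more than it sent */
        return RX_TRUNCATED;

    memcpy(buf, wire, HDR_LEN + len);
    *out_len = HDR_LEN + len;
    return RX_OK;
}

/* Constructed input: frame announcing `len` bytes, `sent` (<= 512) delivered, 64-byte buffer. */
int demo(size_t len, size_t sent)
{
    static uint8_t wire[HDR_LEN + 512];
    uint8_t small[64];
    size_t got = 0;
    memset(wire, 0, sizeof wire);
    wire[1] = (uint8_t)(len >> 16); wire[2] = (uint8_t)(len >> 8); wire[3] = (uint8_t)len;
    return recv_frame(wire, HDR_LEN + sent, small, sizeof small, &got);
}

int main(void) { printf("%d %d %d\n", demo(32, 32), demo(256, 256), demo(32, 8)); return 0; }
```

A 256-byte announcement is well under the protocol cap yet is rejected for the 64-byte buffer, which is the distinction a per-call bounds check has to make.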

------- Comment #1 From Robert Buchholz 2008-05-16 10:24:40 0000 -------
Created an attachment (id=153305) [details]
samba-3.0.28a-CVE-2008-1105.patch

Proposed patch against Samba 3.0.28a, needs to be confirmed.

------- Comment #2 From Robert Buchholz 2008-05-16 16:31:12 0000 -------
Secunia confirmed the patch is good. 

Stefan, please prepare an ebuild including the patch and attach it to this bug.
Do not commit anything to CVS and keep any information confidential until the
embargo date. We will perform stable testing on the bug.

------- Comment #3 From Robert Buchholz 2008-05-16 16:32:40 0000 -------
Sorry, I meant to say Tiziano. Damn copy and paste.

------- Comment #4 From Tiziano Müller 2008-05-17 05:01:22 0000 -------
Ok, will do so this evening.

------- Comment #5 From Tiziano Müller 2008-05-17 12:39:28 0000 -------
Created an attachment (id=153419) [details]
samba-3.0.28a-r1.ebuild

here we go (a bit sooner than I expected :-)

Compiles fine here on ~amd64.
Please note that tests are _not_ available anymore (so the arch testers
probably have to start the server and try to access it to test whether it
works).

Please note that the patch has to be named like "3.0.28a-CVE-2008-1105.patch".

------- Comment #6 From Robert Buchholz 2008-05-17 13:08:43 0000 -------
Arch Security Liaisons, please test the attached ebuild and report it stable on
this bug.
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release s390 sh sparc
x86"

CC'ing current Liaisons:
   alpha : yoswink
   amd64 : welp
    hppa : jer
     ppc : dertobi123
   ppc64 : corsair
 release : pva
   sparc : fmccor
     x86 : opfer

------- Comment #7 From Markus Rothe 2008-05-18 14:10:39 0000 -------
looks good on ppc64

------- Comment #8 From Jeroen Roovers 2008-05-18 15:58:39 0000 -------
HPPA is OK.

------- Comment #9 From Jose Luis Rivero (yoswink) 2008-05-18 18:03:45 0000 -------
Early testing in alpha is ok.
 - Compiles with default profile use flags.
 - Daemon starts without problems.
 - smbclient can connect and browse the shared resource perfectly.

------- Comment #10 From Ferris McCormick 2008-05-19 12:57:59 0000 -------
Patch file name doesn't match what's in the ebuild, and that's a bit annoying. 
That said,
Looks good on sparc.

------- Comment #11 From Tobias Scherbaum 2008-05-19 14:35:30 0000 -------
looks good for ppc

------- Comment #12 From Christian Faulhammer 2008-05-20 18:11:49 0000 -------
Good to go on x86

------- Comment #13 From Raúl Porcel 2008-05-23 10:24:18 0000 -------
looks okay on ia64

------- Comment #14 From Pierre-Yves Rofes 2008-05-28 11:21:47 0000 -------
public as per $URL, removing archs liaisons and cc'ing remaining arches.
Tiziano, you may commit with stable keywords gathered. Only amd64 is missing
before we're good to go with a GLSA.

------- Comment #15 From Pierre-Yves Rofes 2008-05-28 11:22:51 0000 -------
and actually removing arch liaisons, sorry :/

------- Comment #16 From Markus Meier 2008-05-28 19:02:41 0000 -------
(In reply to comment #14)
> public as per $URL, removing archs liaisons and cc'ing remaining arches.
> Tiziano, you may commit with stable keywords gathered. Only amd64 is missing
> before we're good to go with a GLSA.

looks good on amd64. please stabilize it for amd64, too - thanks.

------- Comment #17 From Robert Buchholz 2008-05-29 05:17:16 0000 -------
Sorry, I am too much in a hurry to do this myself, can someone commit this
please?

------- Comment #18 From Robert Buchholz 2008-05-29 05:18:50 0000 -------
*** Bug 224033 has been marked as a duplicate of this bug. ***

------- Comment #19 From Tiziano Müller 2008-05-29 06:37:55 0000 -------
Done. Sorry for the delay.

------- Comment #20 From Pierre-Yves Rofes 2008-05-29 13:10:06 0000 -------
all security supported arches done, moving to the GLSA part.

------- Comment #21 From Tobias Heinlein 2008-05-29 19:17:53 0000 -------
GLSA 200805-23.
Leaving opened for the remaining arches.

------- Comment #22 From Richard Freeman 2008-05-29 19:55:08 0000 -------
*** Bug 224135 has been marked as a duplicate of this bug. ***

------- Comment #23 From Robert Buchholz 2008-05-30 05:09:35 0000 -------
Arches, please test and mark stable:
=net-fs/samba-3.0.28a-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release s390 sh sparc
x86"
Already stabled : "alpha amd64 hppa ppc ppc64 sparc x86"
Missing keywords: "arm ia64 release s390 sh"

------- Comment #24 From Robert Buchholz 2008-05-30 05:11:32 0000 -------
(In reply to comment #21)
> Leaving opened for the remaining arches.

We don't usually do that. Unsupported arches can easily figure out which bugs
they are still CC'ed to even if they are closed. Is there a reason to leave the
bug open?

------- Comment #25 From Arttu Valo 2008-05-30 10:10:43 0000 -------
*** Bug 224215 has been marked as a duplicate of this bug. ***

------- Comment #26 From Raúl Porcel 2008-05-30 10:56:29 0000 -------
Hey :( i said ia64 was good...

------- Comment #27 From Peter Volkov 2008-05-30 11:57:52 0000 -------
Fixed in release snapshot.

------- Comment #28 From Pierre-Yves Rofes 2008-07-09 21:03:47 0000 -------
dunno why this was still open :/
