Debian Bug report logs - #424629
security upgrade broke permissions check

Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for samba is src:samba.

Reported by: Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>

Date: Wed, 16 May 2007 13:42:02 UTC

Severity: serious

Found in version 3.0.24-6etch1

Fixed in versions samba/3.0.25a-1, samba/3.0.24-6etch2

Done: Christian Perrier <bubulle@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>:
New Bug report received and forwarded. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: security upgrade broke permissions check
Date: Wed, 16 May 2007 15:40:09 +0200
Package: samba
Version: 3.0.24-6etch1
Severity: important

(Versions below from after I downgraded Samba: 3.0.24-6 works fine.)

Symptoms: on a share with "force group" set, users no longer have access
according to their usual groups; as newly created files (correctly) have
the forced group, presumably somehow samba lost the supplementary group
list.

This seriously broke this machine.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (985, 'stable'), (501, 'oldstable'), (501, 'stable'), (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8+lisbeth.20050206
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages samba depends on:
ii  debconf  1.5.11                          Debian configuration management sy
ii  libacl1  2.2.41-1                        Access control list shared library
ii  libattr1 2.4.32-1                        Extended attribute shared library
ii  libc6    2.3.6.ds1-13                    GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii  libcupsy 1.2.7-4                         Common UNIX Printing System(tm) - 
ii  libgnutl 1.4.4-3                         the GNU TLS library - runtime libr
ii  libkrb53 1.4.4-7etch1                    MIT Kerberos runtime libraries
ii  libldap2 2.1.30-13.3                     OpenLDAP libraries
ii  libpam-m 0.79-4                          Pluggable Authentication Modules f
ii  libpam-r 0.79-4                          Runtime support for the PAM librar
ii  libpam0g 0.79-4                          Pluggable Authentication Modules l
ii  libpopt0 1.10-3                          lib for parsing cmdline parameters
ii  logrotat 3.7.1-3                         Log rotation utility
ii  lsb-base 3.1-23.1                        Linux Standard Base 3.1 init scrip
ii  netbase  4.29                            Basic TCP/IP networking system
ii  procps   1:3.2.7-3                       /proc file system utilities
ii  samba-co 3.0.24-6                        Samba common files used by both th
ii  zlib1g   1:1.2.3-13                      compression library - runtime

Versions of packages samba recommends:
pn  smbldap-tools                 <none>     (no description available)

-- debconf information:
  samba/nmbd_from_inetd:
* samba/log_files_moved:
* samba/tdbsam: true
* samba/generate_smbpasswd: true
* samba/run_mode: daemons



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 424629@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>, 424629@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check
Date: Wed, 16 May 2007 18:23:38 +0200
[Message part 1 (text/plain, inline)]
severity 424629 serious
thanks

Quoting Kai Henningsen (kai.caahafbgbfeaba.S@cats.ms):
> Package: samba
> Version: 3.0.24-6etch1
> Severity: important
> 
> (Versions below from after I downgraded Samba: 3.0.24-6 works fine.)


Hmmm, OK, that's enough. There are now enough such issues raised to
prevent us from allowing 3.0.25-1 to migrate to testing too quickly, until
all this is examined.

As a consequence, I raise the severity of this bug report to make it
RC. There are probably very few chances that samba migrates to testing
quickly, because of an untransitioned libc6, but better be careful.

Other samba maintainers and security team: do you think we should do
something for users of testing? They're left without a decent answer
to the recent security issues if 3.0.25-1 does not enter testing,
unless they have the etch security updates listed in their
sources.list.




[signature.asc (application/pgp-signature, inline)]

Severity set to `serious' from `important' Request was from Christian Perrier <bubulle@debian.org> to control@bugs.debian.org. (Wed, 16 May 2007 18:33:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to 424629@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #17 received at 424629@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>, 424629@bugs.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check
Date: Thu, 17 May 2007 11:10:17 +0200
[Message part 1 (text/plain, inline)]
Quoting Kai Henningsen (kai.caahafbgbfeaba.S@cats.ms):
> Package: samba
> Version: 3.0.24-6etch1
> Severity: important
> 
> (Versions below from after I downgraded Samba: 3.0.24-6 works fine.)
> 
> Symptoms: on a share with "force group" set, users no longer have access
> according to their usual groups; as newly created files (correctly) have
> the forced group, presumably somehow samba lost the supplementary group
> list.
> 
> This seriously broke this machine.


I'm afraid I don't really get all the needed information to properly
process this bug report.

Your complete smb.conf file would help, as well as the permissions on
the offending directory and the users/group mapping (which users
belong to what group, at least for the groups involved in the problem
you describe).

Of course, providing a level 10 log file (hopefully restricted to that
directory) would help, in case you're in position of reproducing the
bug again (which may be hard on a production server).


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Noah Meyerhans <noahm@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #22 received at 424629@bugs.debian.org (full text, mbox):

From: Noah Meyerhans <noahm@debian.org>
To: Christian Perrier <bubulle@debian.org>
Cc: Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>, 424629@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check
Date: Thu, 17 May 2007 06:22:28 -0400
[Message part 1 (text/plain, inline)]
On Wed, May 16, 2007 at 06:23:38PM +0200, Christian Perrier wrote:
> Hmmm, OK, that's enough. There are now enough such issues raised to
> prevent us to allow 3.0.25-1 to migrate to testing too quickly, until
> all this is examined.
> 
> As a consequence, I raise the severity of this bug report to make it
> RC. There are probably very few chances that samba migrates to testing
> quickly, because of an untransitioned libc6, but better be careful.
> 
> Other samba maintainers and security team: do you think we should do
> something for users of testing? They're left without a decent answer
> to the recent security issues if 3.0.25-1 does not enter testing,
> unless they have the etch security updates listed in their
> sources.list

I haven't looked very closely at what's going on, but I bet the problem
is related to the fix for CVE-2007-2444, which changes the way in which
samba gets root access when it needs it.  It switches from
become_root_uid_only() to become_root().  The names of those functions
suggest that previously the group membership would not change, but now
it might.

The issue sounds like it must be upstream, not Debian-specific.  Have
you heard anything from them?

I'm not sure what you should do for testing users (or stable, or anybody
else), since there currently is no security-fixed version that doesn't
break functionality.  Figuring out how we can fix this problem in stable
is my priority.  If we can figure out a way to fix the vulnerabilities
without breaking functionality, the secure-testing team ought to be able
to help by uploading to testing-security.

noah

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #27 received at 424629@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: samba@lists.samba.org
Cc: 424629@bugs.debian.org
Subject: Re: [Samba] force group to Unix group in 3.0.25
Date: Fri, 18 May 2007 19:22:11 +0200
> Our bug.  I fixed it last night for next week's 3.0.25a release
> (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
> 
> You can either retest against the SAMBA_3_0_25 svn tree or I
> can send you a patch.


Jerry, apparently this bug hits Debian's version in etch as it
appeared after the security fix for CVE-2007-2444. See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629

As you certainly know, upgrading the version in etch to 3.0.25a is out
of question, so we need to patch the 3.0.24 version to fix this.

So, if you have the patch handy, we'd be deeply interested.

Is there a bug report for this issue in Samba's BTS? I can't find one.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #32 received at 424629@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: 424629@bugs.debian.org
Cc: Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>, team@security.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check.
Date: Fri, 18 May 2007 19:28:24 +0200
[Message part 1 (text/plain, inline)]
> I haven't looked very closely at what's going on, but I bet the problem
> is related to the fix for CVE-2007-2444, which changes the way in which
> samba gets root access when it needs it.  It switches from
> become_root_uid_only() to become_root().  The names of those functions
> suggest that previously the group membership would not change, but now
> it might.
> 
> The issue sounds like it must be upstream, not Debian-specific.  Have
> you heard anything from them?
> 
> I'm not sure what you should do for testing users (or stable, or anybody
> else), since there currently is no security-fixed version that doesn't
> break functionality.  Figuring out how we can fix this problem in stable
> is my priority.  If we can figure out a way to fix the vulnerabilities
> without breaking functionality, the secure-testing team ought to be able
> to help by uploading to testing-security.


The Samba Team just agreed in
http://lists.samba.org/archive/samba/2007-May/132056.html that this is
a bug in 3.0.25 *and probably in the security patches*, which will be
fixed in 3.0.25a.

I just asked Jerry Carter for the bug's patch so that we can apply it
to 3.0.24-6etch1 and reupload a fixed version to etch.

I think that this bug deserves it: breaking shares with "force group"
will break a lot of servers. And we need to fix this quickly, imho.


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to "Gerald (Jerry) Carter" <jerry@samba.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #37 received at 424629@bugs.debian.org (full text, mbox):

From: "Gerald (Jerry) Carter" <jerry@samba.org>
To: Christian Perrier <bubulle@debian.org>
Cc: samba@lists.samba.org, 424629@bugs.debian.org
Subject: Re: [Samba] force group to Unix group in 3.0.25
Date: Fri, 18 May 2007 12:38:16 -0500
[Message part 1 (text/plain, inline)]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christian Perrier wrote:
>> Our bug.  I fixed it last night for next week's 3.0.25a release
>> (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
>>
>> You can either retest against the SAMBA_3_0_25 svn tree or I
>> can send you a patch.
> 
> 
> Jerry, apparently this bug hits Debian's version in etch as it
> appeared after the security fix for CVE-2007-2444. See
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629
> 
> As you certainly know, upgrading the version in etch 
> to 3.0.25a is out of question, so we need to patch the
> 3.0.24 version to fix this.
>
> So, if you have the patch handy, we'd be deeply interested.

Ah yeah.  I didn't think about that.  Attached.

> Is there a bug report for this issue in Samba's BTS? I can't 
> find one.

Not sure.  We went back and forth with David Rankin on it
getting the necessary information.





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGTeSIIR7qMdg1EfYRAoygAJ9zPh6jIMt5ri9UzuNLtEgiiDekHQCgndPF
DyDNcagDKoir8QjGfBZPY1o=
=w3wZ
-----END PGP SIGNATURE-----
[look (text/plain, inline)]
=== modified file 'source/smbd/uid.c'
--- source/smbd/uid.c	2007-05-12 16:45:55 +0000
+++ source/smbd/uid.c	2007-05-18 17:33:11 +0000
@@ -151,7 +151,9 @@
 	char group_c;
 	BOOL must_free_token = False;
 	NT_USER_TOKEN *token = NULL;
-
+	int num_groups = 0;
+	gid_t *group_list = NULL;
+	
 	if (!conn) {
 		DEBUG(2,("change_to_user: Connection not open\n"));
 		return(False);
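Review bot: the third added line of this hunk is a tab-only line (`+\t`) that replaces the blank line which was there; make it an empty line so the file does not gain trailing whitespace. Initialising `num_groups = 0` and `group_list = NULL` is the right default, since the membership loop later in the function can then run safely even if neither branch that follows assigns them.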
@@ -190,14 +192,14 @@
 	if (conn->force_user) /* security = share sets this too */ {
 		uid = conn->uid;
 		gid = conn->gid;
-		current_user.ut.groups = conn->groups;
-		current_user.ut.ngroups = conn->ngroups;
+	        group_list = conn->groups;
+		num_groups = conn->ngroups;
 		token = conn->nt_user_token;
 	} else if (vuser) {
 		uid = conn->admin_user ? 0 : vuser->uid;
 		gid = vuser->gid;
-		current_user.ut.ngroups = vuser->n_groups;
-		current_user.ut.groups  = vuser->groups;
+		num_groups = vuser->n_groups;
+		group_list  = vuser->groups;
 		token = vuser->nt_user_token;
 	} else {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
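Review bot: `group_list = conn->groups;` in the `force_user` branch is indented with a tab followed by eight spaces while every neighbouring line uses tabs only; normalise it. Deferring the writes to `current_user.ut.groups`/`ngroups` is the substantive change: from here until the eventual `set_sec_ctx()` call, `current_user` still holds the previous context's group list, so anything on that path that reads `current_user` instead of the new locals will now see stale values. The loop in the next hunk is converted, but a grep for other readers of `current_user.ut.` inside this function is worth doing before merging.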
@@ -230,8 +232,8 @@
 			 */
 
 			int i;
-			for (i = 0; i < current_user.ut.ngroups; i++) {
-				if (current_user.ut.groups[i] == conn->gid) {
+			for (i = 0; i < num_groups; i++) {
+				if (group_list[i] == conn->gid) {
 					gid = conn->gid;
 					gid_to_sid(&token->user_sids[1], gid);
 					break;
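Review bot: the membership loop now compares `conn->gid` against the local `group_list` rather than `current_user.ut.groups`, which lets the `force group` decision be taken from the user's actual supplementary list before `current_user` is touched. Because `num_groups` starts at 0 (first hunk), the body cannot execute with `group_list == NULL`. The write to `token->user_sids[1]` inside the loop is unchanged by this patch but still assumes `token` is non-NULL; a short comment or assertion there would document that both assignments to `token` in the previous hunk are expected to be non-NULL on this path.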
@@ -243,6 +245,12 @@
 		}
 	}
 	
+	/* Now set current_user since we will immediately also call
+	   set_sec_ctx() */
+
+	current_user.ut.ngroups = num_groups;
+	current_user.ut.groups  = group_list;	
+
 	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
 		    token);
 


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to "david rankin" <drankinatty@suddenlinkmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #42 received at 424629@bugs.debian.org (full text, mbox):

From: "david rankin" <drankinatty@suddenlinkmail.com>
To: "Gerald \(Jerry\) Carter" <jerry@samba.org>, "Christian Perrier" <bubulle@debian.org>
Cc: <samba@lists.samba.org>, <424629@bugs.debian.org>
Subject: Re: [Samba] force group to Unix group in 3.0.25
Date: Fri, 18 May 2007 13:16:25 -0500
From: "Gerald (Jerry) Carter"
>
> Christian Perrier wrote:
>>> Our bug.  I fixed it last night for next week's 3.0.25a release
>>> (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
>>>
>>> You can either retest against the SAMBA_3_0_25 svn tree or I
>>> can send you a patch.
>>
>>
>> Jerry, apparently this bug hits Debian's version in etch as it
>> appeared after the security fix for CVE-2007-2444. See
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629
>>
>> As you certainly know, upgrading the version in etch
>> to 3.0.25a is out of question, so we need to patch the
>> 3.0.24 version to fix this.
>>
>> So, if you have the patch handy, we'd be deeply interested.
>
> Ah yeah.  I didn't think about that.  Attached.
>
>> Is there a bug report for this issue in Samba's BTS? I can't
>> find one.
>
> Not sure.  We went back and forth with David Rankin on it
> getting the necessary information.
>
>

Jerry,

   The patch is working fine. I have had it running on the production 
machine at work since 12:00 am and there have been no *howls* from the rest 
of the minions........ and I haven't run into any trouble.

--
David C. Rankin, J.D., P.E.
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--




> === modified file 'source/smbd/uid.c'
> --- source/smbd/uid.c 2007-05-12 16:45:55 +0000
> +++ source/smbd/uid.c 2007-05-18 17:33:11 +0000
> @@ -151,7 +151,9 @@
>  char group_c;
>  BOOL must_free_token = False;
>  NT_USER_TOKEN *token = NULL;
> -
> + int num_groups = 0;
> + gid_t *group_list = NULL;
> +
>  if (!conn) {
>  DEBUG(2,("change_to_user: Connection not open\n"));
>  return(False);
> @@ -190,14 +192,14 @@
>  if (conn->force_user) /* security = share sets this too */ {
>  uid = conn->uid;
>  gid = conn->gid;
> - current_user.ut.groups = conn->groups;
> - current_user.ut.ngroups = conn->ngroups;
> +         group_list = conn->groups;
> + num_groups = conn->ngroups;
>  token = conn->nt_user_token;
>  } else if (vuser) {
>  uid = conn->admin_user ? 0 : vuser->uid;
>  gid = vuser->gid;
> - current_user.ut.ngroups = vuser->n_groups;
> - current_user.ut.groups  = vuser->groups;
> + num_groups = vuser->n_groups;
> + group_list  = vuser->groups;
>  token = vuser->nt_user_token;
>  } else {
>  DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
> @@ -230,8 +232,8 @@
>  */
>
>  int i;
> - for (i = 0; i < current_user.ut.ngroups; i++) {
> - if (current_user.ut.groups[i] == conn->gid) {
> + for (i = 0; i < num_groups; i++) {
> + if (group_list[i] == conn->gid) {
>  gid = conn->gid;
>  gid_to_sid(&token->user_sids[1], gid);
>  break;
> @@ -243,6 +245,12 @@
>  }
>  }
>
> + /* Now set current_user since we will immediately also call
> +    set_sec_ctx() */
> +
> + current_user.ut.ngroups = num_groups;
> + current_user.ut.groups  = group_list;
> +
>  set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
>      token);
>
>
>






Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to "Gerald (Jerry) Carter" <jerry@samba.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #47 received at 424629@bugs.debian.org (full text, mbox):

From: "Gerald (Jerry) Carter" <jerry@samba.org>
To: david rankin <drankinatty@suddenlinkmail.com>
Cc: Christian Perrier <bubulle@debian.org>, samba@lists.samba.org, 424629@bugs.debian.org
Subject: Re: [Samba] force group to Unix group in 3.0.25
Date: Fri, 18 May 2007 13:24:42 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

david rankin wrote:

>    The patch is working fine. I have had it running on 
> the production machine at work since 12:00 am and there
> have been no *howls* from the rest of the minions........
> and I haven't run into any trouble.

OK.  Thanks.  I'll push out a new patched 3.0.24 snapshot
for people if they don't want to patch on their own.
Thanks for testing.


cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGTe9qIR7qMdg1EfYRAmp7AKDzoQmu7GH7akyDdBlZA/HjfsNwYgCg4yb2
oM6eI8lAJSnHrI3prx/da+0=
=OOxm
-----END PGP SIGNATURE-----



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #52 received at 424629@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: david rankin <drankinatty@suddenlinkmail.com>
Cc: samba@lists.samba.org, 424629@bugs.debian.org
Subject: Re: [Samba] force group to Unix group in 3.0.25
Date: Sat, 19 May 2007 07:33:32 +0200
[Message part 1 (text/plain, inline)]
> Jerry,
> 
>    The patch is working fine. I have had it running on the production 
> machine at work since 12:00 am and there have been no *howls* from the rest 
> of the minions........ and I haven't run into any trouble.


Guys, I want to double check the patch to 3.0.24 (thanks, Jerry, for
it) but I need a test case... Given that I have to coordinate that
update with Debian's security team, I better have to be triple secured..:-)

However, I still haven't understood what *exactly* is the bug..:-)

David, do you have a smb.conf excerpt which I could use for testing
this ?


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #57 received at 424629@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: 424629@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check.
Date: Sat, 19 May 2007 07:57:10 +0200
[Message part 1 (text/plain, inline)]
> > I'm not sure what you should do for testing users (or stable, or anybody
> > else), since there currently is no security-fixed version that doesn't
> > break functionality.  Figuring out how we can fix this problem in stable
> > is my priority.  If we can figure out a way to fix the vulnerabilities
> > without breaking functionality, the secure-testing team ought to be able
> > to help by uploading to testing-security.


The samba team just sent me the attached patch which supposedly fixes
#424629 for 3.0.24-6etch1 (in short, it fixes that RC bug in etch's
samba).

I'm currently test-building a 3.0.24-6etch2 samba for etch. Security
team, how do you want to handle this (which is no longer a strict
security issue but a consequence of the security fix)? I can upload to
stable-security (but last time wasn't entirely successful, though I
hope to do it better now)....or just leave it up to you guys.

The same bug will be fixed in unstable by a 3.0.25a upload when that
version will be released.

[changelog (text/plain, attachment)]
[series (text/plain, attachment)]
[security-CVE-2007-2444_fixed-force-group.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to "Gerald (Jerry) Carter" <jerry@samba.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #62 received at 424629@bugs.debian.org (full text, mbox):

From: "Gerald (Jerry) Carter" <jerry@samba.org>
To: Christian Perrier <bubulle@debian.org>
Cc: david rankin <drankinatty@suddenlinkmail.com>, samba@lists.samba.org, 424629@bugs.debian.org
Subject: Re: [Samba] force group to Unix group in 3.0.25
Date: Sat, 19 May 2007 07:01:19 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christian Perrier wrote:

> Guys, I want to double check the patch to 3.0.24 
> (thanks, Jerry, for it) but I need a test case...
> Given that I have to coordinate that update
> with Debian's security team, I better have
> to be triple secured..:-)
> 
> However, I still haven't understood what *exactly* 
> is the bug..:-)
> 
> David, do you have a smb.conf excerpt which 
> I could use for testing this ?

Christian,  The issue that setting force group on a share
was causing all additional supplementary gids to be dropped
from the user's token.

So setup a share that has force group = foo and then
create a directory or file that the user should be able
to access based on supplementary groups other than
"foo".

You can verify the fix by looking at the NT and UNIX user
token debug output in smbd's level 10 debug logs.

Sorry for all the hassle and the regression.  Jeremy
and I have both looked over the code and haven't seen
any other code paths that would be problematic, so
I think this one patch is enough.



cheers, jerry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGTucPIR7qMdg1EfYRAlWVAKDRiZSq/FfghaiUWznGJOpOVEZ2GQCgs4Hg
sezgqgVmbsq2HnODTW9sNCE=
=ybgQ
-----END PGP SIGNATURE-----



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #67 received at 424629@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: 424629@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check.
Date: Sat, 19 May 2007 19:28:31 +0200
[Message part 1 (text/plain, inline)]
> The samba team just sent me the attached patch which supposedly fixes
> #424629 for 3.0.24-6etch1 (in short, it fixes that RC bug in etch's
> samba).


OK, I succeeded building a test case.

On an etch samba server running 3.0.24-6etch1, add this to smb.conf:

[test]
   comment =  Test
   path=/var/tmp/test
   create mode = 0664
   directory mode = 2775
   force group = foo
   valid users = @users

In /var/tmp/test, create a directory named "bar":

bubulle@kheops:~/src/debian/samba$ ls -l /var/tmp/test
total 8592
drwxrwx---  2 root    users       4096 2007-05-19 14:07 bar

Notice the directory belongs to "users" and has 770 permissions.

Connect to this with a user who is a member of "users":

bubulle@kheops:~/src/debian/samba$ smbclient //kheops/test -U bubulle
Password:
Domain=[MAISON] OS=[Unix] Server=[Samba 3.0.24]
smb: \> cd foo
smb: \foo\> dir
NT_STATUS_ACCESS_DENIED listing \foo\*

                37547 blocks of size 262144. 9849 blocks available


As "bubulle" is member of "users", he should be able to list the
directory.

With 3.0.24-6etch2 I just built with the attached patch:


bubulle@kheops:~/src/debian/samba$ smbclient //kheops/www -U bubulle
Password:
Domain=[MAISON] OS=[Unix] Server=[Samba 3.0.24]
smb: \> cd foo
smb: \foo\> dir
  .                                   D        0  Sat May 19 14:07:56 2007
  ..                                  D        0  Sat May 19 14:07:56 2007

                37547 blocks of size 262144. 9849 blocks available


So, in short, we should update the version in etch with this patch.



[424629.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
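The regression Jerry describes and the smbclient test Christian ran, as an added example that is not Samba's code: a small C model of the per-request security context smbd installs (uid, primary gid, supplementary gids) and of the POSIX owner/group/other check a directory listing is measured against. It shows why dropping the supplementary list turns `dir` on a root:users mode 0770 directory into NT_STATUS_ACCESS_DENIED even though the forced group is applied, and why newly created files still looked correct. The numeric ids (bubulle 1000, users 100, foo 2000), the `apply_force_group` and `can_list_bar` helpers and the root-bypass simplification are assumptions for illustration; the `+foo` variant, where the forced gid applies only to users who are already members, follows the membership loop in the patch and smb.conf's documented `force group = +group` behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Added example (not Samba code): a minimal model of the per-request
 * security context smbd installs (uid, primary gid, supplementary gids)
 * and of the POSIX owner/group/other check a directory listing is
 * measured against.  Ids below are constructed to mirror the thread. */

#define MAX_GROUPS 16

struct sec_ctx {
    uid_t uid;
    gid_t gid;                 /* primary (effective) gid */
    int   ngroups;             /* number of entries in groups[] */
    gid_t groups[MAX_GROUPS];  /* supplementary gids */
};

/* Constructed identities: "bubulle" (uid 1000, own group 1000) is also in
 * "users" (100) and "foo" (2000); the share has "force group = foo". */
enum { UID_ROOT = 0, UID_BUBULLE = 1000, GID_BUBULLE = 1000,
       GID_USERS = 100, GID_FOO = 2000 };

/* Requested permission bits, same encoding as one rwx triplet of a mode. */
enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };

static bool in_groups(const struct sec_ctx *c, gid_t g)
{
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return true;
    return false;
}

/* POSIX discretionary check: select the owner, group or other triplet of
 * the file mode and require every requested bit.  The group triplet is
 * reached through the primary gid *or* any supplementary gid, which is
 * exactly the membership that the regression threw away. */
static bool unix_access(const struct sec_ctx *c, uid_t f_uid, gid_t f_gid,
                        mode_t mode, int want)
{
    int shift;
    if (c->uid == UID_ROOT)
        return true;            /* simplification: root bypasses DAC */
    if (c->uid == f_uid)
        shift = 6;
    else if (c->gid == f_gid || in_groups(c, f_gid))
        shift = 3;
    else
        shift = 0;
    return ((mode >> shift) & want) == want;
}

/* Model of "force group".  plus_form selects "force group = +foo", where
 * the forced gid applies only to users already in it.  keep_supp chooses
 * between the fixed build (supplementary list retained) and the
 * 3.0.24-6etch1 regression (list dropped from the token). */
static struct sec_ctx apply_force_group(const struct sec_ctx *user, gid_t forced,
                                        bool plus_form, bool keep_supp)
{
    struct sec_ctx out = *user;
    if (!plus_form || in_groups(user, forced))
        out.gid = forced;
    if (!keep_supp)
        out.ngroups = 0;
    return out;
}

/* The thread's test: /var/tmp/test/bar is root:users, mode 0770, and the
 * share forces group foo.  "dir" needs read + search on the directory. */
static bool can_list_bar(bool keep_supp)
{
    struct sec_ctx bubulle = { UID_BUBULLE, GID_BUBULLE, 2, { GID_USERS, GID_FOO } };
    struct sec_ctx ctx = apply_force_group(&bubulle, GID_FOO, false, keep_supp);
    return unix_access(&ctx, UID_ROOT, GID_USERS, 0770, WANT_R | WANT_X);
}

/* Gid a file created through the share receives: the forced group in both
 * builds, which is why new files looked right while listing was denied. */
static gid_t gid_of_new_file(bool keep_supp)
{
    struct sec_ctx bubulle = { UID_BUBULLE, GID_BUBULLE, 2, { GID_USERS, GID_FOO } };
    return apply_force_group(&bubulle, GID_FOO, false, keep_supp).gid;
}

/* "+foo" form: a user who is not in foo keeps their own primary gid. */
static gid_t gid_after_plus_form(bool member_of_foo)
{
    struct sec_ctx u = { 1001, 1001, 1, { member_of_foo ? GID_FOO : GID_USERS } };
    return apply_force_group(&u, GID_FOO, true, true).gid;
}

int main(void)
{
    printf("3.0.24-6etch1 (supplementary gids dropped): dir on bar -> %s\n",
           can_list_bar(false) ? "listed" : "NT_STATUS_ACCESS_DENIED");
    printf("3.0.24-6etch2 (list retained):              dir on bar -> %s\n",
           can_list_bar(true) ? "listed" : "NT_STATUS_ACCESS_DENIED");
    printf("gid of a newly created file in both builds: %u\n",
           (unsigned)gid_of_new_file(false));
    return 0;
}
```

The model deliberately applies the forced gid before dropping the list, matching the symptom in the report (new files correctly owned by the forced group, existing group-owned directories unreadable); the only difference between the two runs is whether `ngroups` survives into the context that the access check sees.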

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#424629; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #72 received at 424629@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Christian Perrier <bubulle@debian.org>
Cc: 424629@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check.
Date: Sun, 20 May 2007 12:33:24 +0200
Christian Perrier wrote:
> > The samba team just sent me the attached patch which supposedly fixes
> > #424629 for 3.0.24-6etch1 (in short, it fixes that RC bug in etch's
> > samba).

> So, in short, we should update the version in etch with this patch.

I'm currently building an updated package and will release an updated
DSA as soon as all builds have trickled in. I'll also keep vendor-sec
posted.

Cheers,
        Moritz



Message #77 received at 424629@bugs.debian.org:

From: SPUeNTRUP - Kai Henningsen <Kai.Henningsen.caahafcbbbajda.S@cats.ms>
To: 424629@bugs.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check
Date: Mon, 21 May 2007 11:09:27 +0200
Hello Christian,

On Thu, 17 May 2007 11:10:17 +0200,
Christian Perrier <bubulle@debian.org> wrote:

> gpg: Signature made Thu 17 May 2007 11:10:17 CEST using DSA key ID C0143D2D
> gpg: BAD signature from "Christian Perrier <bubulle@kheops.homeunix.org>"

Hmm.

> I'm afraid I don't really get all the needed information to properly
> process this bug report.

Didn't sound like that from the audit trail :-)

> Your complete smb.conf file would help 

That's a bit more info than I'm comfortable giving out. However, it
seems to me that "force group: +something" is really the only relevant
option here.

>as well as the permissions on
> the offending directory and the users/group mapping (which users
> belong to what group, at least for the groups involved i the problem
> you describe)

The users in question are in the "something" group, and also in the
"other" group (their primary group being the username group). "Other"
membership should allow writing in the directory in question (because
everything in there is in that group and g+w); "something" doesn't
(owner is a different user).

> Of course, providing a level 10 log file (hopefully restricted to that
> directory) would help, in case you're in position of reproducing the
> bug again (which may be hard on a production server).

I'd probably get lynched.

Kind regards from Münster /
with kind regards - Kai Henningsen

-- 
SPUeNTRUP Software
Windbreede 12
D-48157	Münster, Germany

Reg:	Münster Nr.29047

Fon:	+49 700 CALL CATS (=22552287)
Fon:	+49 251 322 311 0
Fax:	+49 251 322 311 99
GSM:	+49 171 7700992

Web:	http://www.cats.ms
Mail:	support-kai@cats.ms



Message #82 received at 424629@bugs.debian.org:

From: Christian Perrier <Christian.Perrier@onera.fr>
To: support-kai.caahafcbbbajda.S@cats.ms, 424629@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#424629: security upgrade broke permissions check
Date: Mon, 21 May 2007 18:19:55 +0200
> > gpg: Signature made Thu 17 May 2007 11:10:17 CEST using DSA key ID C0143D2D
> > gpg: BAD signature from "Christian Perrier <bubulle@kheops.homeunix.org>"

Well, you're probably missing the Debian keyring on your
machine. 0xC0143D2D is definitely in it.

Anyway...

> > I'm afraid I don't really get all the needed information to properly
> > process this bug report.
> 
> Didn't sound like that from the audit trail :-)

Well, I assembled the information later so it is less needed now.

> > Your complete smb.conf file would help 
> 
> That's a bit more info than I'm comfortable giving out. However, it
> seems to me that "force group: +something" is really the only relevant
> option here.

In such a case, you may change sensitive information. Quite often,
not having the complete smb.conf (at the minimum the entire [global]
section as well as the offending share section) is likely to make us
miss an important setting that might be specific to your setup.

> The users in question are in the "something" group, and also in the
> "other" group (their primary group being the username group). "Other"
> membership should allow writing in the directory in question (because
> everything in there is in that group and g+w); "something" doesn't
> (owner is a different user).

Yes, I finally figured that out and have been able to reproduce the
bug. It will be fixed in 3.0.25-6etch2 (currently being built by the
security team).


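The group semantics at issue in this thread (a user who is in the forced group "something" and also in "other", a directory owned by a third user with group "other" and g+w, and a 3.0.24-6etch1 server that loses the supplementary group list after applying "force group = +something") can be modelled in a few lines. The following Python is an added illustration, not Samba source and not the patch attached earlier in the thread; the user, group and directory data are constructed to mirror the report, and `keep_supplementary` is an assumed switch standing in for the behaviour before and after the fix.

```python
"""Model of the Unix group check that decides access on a Samba share with
"force group".  Added example, not Samba code: users, groups and the
directory are constructed to mirror the situation in this bug report."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Inode:
    owner: str
    group: str
    mode: int  # permission bits only, e.g. 0o775


@dataclass(frozen=True)
class Token:
    """Unix credentials smbd switches to for one connection."""
    user: str
    gid: str           # effective (primary) group
    groups: frozenset  # supplementary group list, includes gid


# Constructed data: (primary group, supplementary groups) per user.
PASSWD = {
    "alice": ("alice", frozenset({"something", "other"})),
    "bob": ("bob", frozenset({"something"})),
}
# The share directory: owned by a third user, group "other", g+w.
WWW_FOO = Inode(owner="carol", group="other", mode=0o775)


def login_token(user):
    primary, supp = PASSWD[user]
    return Token(user, primary, supp | {primary})


def apply_force_group(tok, forced, keep_supplementary=True):
    """'force group = +grp' semantics: grp becomes the effective group only
    for users already in it; everyone keeps their supplementary list.
    keep_supplementary=False is an assumed switch modelling the regression
    in 3.0.24-6etch1, where the supplementary list was lost."""
    conditional = forced.startswith("+")
    grp = forced.lstrip("+")
    if conditional and grp not in tok.groups:
        return tok  # not a member: primary group is left alone
    supp = tok.groups if keep_supplementary else frozenset()
    return Token(tok.user, grp, supp | {grp})


def can_write(tok, ino):
    """Standard owner/group/other check; the group class matches the
    effective gid or any supplementary gid."""
    if tok.user == ino.owner:
        return bool(ino.mode & 0o200)
    if ino.group == tok.gid or ino.group in tok.groups:
        return bool(ino.mode & 0o020)
    return bool(ino.mode & 0o002)


def write_allowed(user, forced, keep_supplementary=True):
    """Can `user` write into the share directory under this force group?"""
    tok = apply_force_group(login_token(user), forced, keep_supplementary)
    return can_write(tok, WWW_FOO)


if __name__ == "__main__":
    for kept in (True, False):
        label = "supplementary groups kept" if kept else "supplementary groups lost"
        print(label, "-> alice can write:", write_allowed("alice", "+something", kept))
```

The write check is the ordinary owner/group/other decision, in which the group class matches either the effective gid or any supplementary gid. That is why dropping the supplementary list turns a permitted write into a denial even though the forced group itself was applied correctly: new files still get the forced group, exactly as the reporter observed, while access through "other" disappears. The "+" prefix matters too: without it every connecting user is forced into the group, which the last assertion below shows.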

Message #87 received at 424629@bugs.debian.org:

From: Christian Perrier <bubulle@debian.org>
To: Kai Henningsen <kai.caahafbgbfeaba.S@cats.ms>, 424629@bugs.debian.org
Subject: Re: Bug#424629: security upgrade broke permissions check
Date: Tue, 22 May 2007 07:37:58 +0200
notfound 424629 samba_3.0.24-6etch2
found 424629 samba_3.0.25-1
thanks


Quoting Kai Henningsen (kai.caahafbgbfeaba.S@cats.ms):
> Package: samba
> Version: 3.0.24-6etch1
> Severity: important
> 
> (Versions below from after I downgraded Samba: 3.0.24-6 works fine.)
> 
> Symptoms: on a share with "force group" set, users no longer have access
> according to their usual groups; as newly created files (correctly) have
> the forced group, presumably somehow samba lost the supplementary group
> list.
> 
> This seriously broke this machine.


The 3.0.24-6etch2 version that supposedly fixes this has just reached
etch-security.

I'm not completely sure that the found/notfound control commands above
are anything useful, but that doesn't hurt..:)



Message #92 received at 424629@bugs.debian.org:

From: SPUeNTRUP - Kai Henningsen <Kai.Henningsen.caahafccbbdidd.S@cats.ms>
To: Christian Perrier <Christian.Perrier@onera.fr>
Cc: 424629@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#424629: security upgrade broke permissions check
Date: Tue, 22 May 2007 11:38:30 +0200
Hello Christian,

On Mon, 21 May 2007 18:19:55 +0200,
Christian Perrier <Christian.Perrier@onera.fr> wrote:

> gpg: Signature made Mon 21 May 2007 18:19:55 CEST using DSA key ID C0143D2D
> gpg: BAD signature from "Christian Perrier <bubulle@kheops.homeunix.org>"
> 
> > > gpg: Signature made Thu 17 May 2007 11:10:17 CEST using DSA key ID C0143D2D
> > > gpg: BAD signature from "Christian Perrier <bubulle@kheops.homeunix.org>"
> 
> Well, you're probably missing the Debian keyring on your
> machine. 0xC0143D2D is definitely in it.

No, that's not a "missing key" message (gpg knows how to fetch missing
keys, and anyway then it wouldn't know who the key owner was), that's a
"bad checksum" message. In some other email client, I used to get those
from character set reencoding problems. (Well, you might call it "from
checking at the wrong point in the pipeline", but it happened whenever
there was non-ASCII involved, because reencoding failed to reproduce
the exact original signed text. That's what it signifies: whatever gpg
got fed was not the exact original signed text. And as I *have* seen
correct signatures, even with non-ASCII, with this setup, I think it
must be a problem at the other end.)

> Anyway...

> Yes, I finally figured that out and have been able to reproduce the
> bug. It will be fixed in 3.0.25-6etch2 (currently being built by the
> security team).

... I'm looking forward to that.

Kind regards from Münster /
with kind regards - Kai Henningsen

-- 
SPUeNTRUP Software
Windbreede 12
D-48157	Münster, Germany

Reg:	Münster Nr.29047

Fon:	+49 700 CALL CATS (=22552287)
Fon:	+49 251 322 311 0
Fax:	+49 251 322 311 99
GSM:	+49 171 7700992

Web:	http://www.cats.ms
Mail:	support-kai@cats.ms



Message #97 received at 424629-close@bugs.debian.org:

From: Christian Perrier <bubulle@debian.org>
To: 424629-close@bugs.debian.org
Subject: Bug#424629: fixed in samba 3.0.25a-1
Date: Sun, 27 May 2007 10:17:08 +0000
Source: samba
Source-Version: 3.0.25a-1

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_3.0.25a-1_i386.deb
  to pool/main/s/samba/libpam-smbpass_3.0.25a-1_i386.deb
libsmbclient-dev_3.0.25a-1_i386.deb
  to pool/main/s/samba/libsmbclient-dev_3.0.25a-1_i386.deb
libsmbclient_3.0.25a-1_i386.deb
  to pool/main/s/samba/libsmbclient_3.0.25a-1_i386.deb
python-samba_3.0.25a-1_i386.deb
  to pool/main/s/samba/python-samba_3.0.25a-1_i386.deb
samba-common_3.0.25a-1_i386.deb
  to pool/main/s/samba/samba-common_3.0.25a-1_i386.deb
samba-dbg_3.0.25a-1_i386.deb
  to pool/main/s/samba/samba-dbg_3.0.25a-1_i386.deb
samba-doc-pdf_3.0.25a-1_all.deb
  to pool/main/s/samba/samba-doc-pdf_3.0.25a-1_all.deb
samba-doc_3.0.25a-1_all.deb
  to pool/main/s/samba/samba-doc_3.0.25a-1_all.deb
samba_3.0.25a-1.diff.gz
  to pool/main/s/samba/samba_3.0.25a-1.diff.gz
samba_3.0.25a-1.dsc
  to pool/main/s/samba/samba_3.0.25a-1.dsc
samba_3.0.25a-1_i386.deb
  to pool/main/s/samba/samba_3.0.25a-1_i386.deb
samba_3.0.25a.orig.tar.gz
  to pool/main/s/samba/samba_3.0.25a.orig.tar.gz
smbclient_3.0.25a-1_i386.deb
  to pool/main/s/samba/smbclient_3.0.25a-1_i386.deb
smbfs_3.0.25a-1_i386.deb
  to pool/main/s/samba/smbfs_3.0.25a-1_i386.deb
swat_3.0.25a-1_i386.deb
  to pool/main/s/samba/swat_3.0.25a-1_i386.deb
winbind_3.0.25a-1_i386.deb
  to pool/main/s/samba/winbind_3.0.25a-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 424629@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 27 May 2007 09:30:02 +0200
Source: samba
Binary: python-samba samba-doc-pdf samba-doc libsmbclient libpam-smbpass swat winbind smbclient samba libsmbclient-dev samba-common samba-dbg smbfs
Architecture: source i386 all
Version: 3.0.25a-1
Distribution: unstable
Urgency: low
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 libpam-smbpass - pluggable authentication module for SMB/CIFS password database
 libsmbclient - shared library that allows applications to talk to SMB/CIFS serve
 libsmbclient-dev - libsmbclient static libraries and headers
 python-samba - Python bindings that allow access to various aspects of Samba
 samba      - a LanManager-like file and printer server for Unix
 samba-common - Samba common files used by both the server and the client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation (PDF format)
 smbclient  - a LanManager-like simple client for Unix
 smbfs      - mount and umount commands for the smbfs (for kernels >= than 2.2.
 swat       - Samba Web Administration Tool
 winbind    - service to resolve user and group information from Windows NT ser
Closes: 424629 424637 425083 425640 425680 426002
Changes: 
 samba (3.0.25a-1) unstable; urgency=low
 .
   [ Christian Perrier ]
   * New upstream version
   * Bugs fixed upstream:
     - password expiration loop on samba domain controllers. Closes: #425083
     - no more login on samba servers that are members of samba domains
       Closes: #425680, #426002
     - users no longer have access according to their secondary groups
       on shares with "force group". Closes: #424629
   * Debian packaging fixes:
     - Enforce building with "--with-ads" and therefore fail
       when the build can't be done with kerberos support.
       Closes: #424637
     - debian/control: wrap long lines in packages' descriptions
     - uncomment out use of type-handling in the clean target, because
       type-handling has been fixed to support the new /usr/share/dpkg/ostable
     - avoid installing extra COPYING files in /usr/share/doc/* (one was
       installed along with the pcap2nbench example)
   * Merge Ubuntu changes:
     - use of PIDDIR instead of hardcoding it in samba.init and winbind.init
   * Patches to upstream source:
     - patches/fhs.patch: recreate winbindd_cache.tdb in the cache directory
       instead of the lock directory. Thanks to C. K. Jester-Young for the
       patch. Closes: #425640
 .
   [ Steve Langasek ]
   * swat and samba depend on update-inetd instead of on netbase; swat also
     depends on "openbsd-inetd | inet-superserver", for samba this is only a
     Suggests.
Files: 
 fb3517c292458ea07cea858bfeed1cae 1424 net optional samba_3.0.25a-1.dsc
 cbd33bb5d904ccd8a294a4019743745d 18145636 net optional samba_3.0.25a.orig.tar.gz
 2fb8dd59f61b8db80a2500beeab0d82e 181553 net optional samba_3.0.25a-1.diff.gz
 85e27ba706d8c690968d53b4783e1494 6971664 doc optional samba-doc_3.0.25a-1_all.deb
 52f468a1a7740a00378c2f758cb6d051 6597262 doc optional samba-doc-pdf_3.0.25a-1_all.deb
 1c4d51ede06b0e746c33f329f4056c72 3756762 net optional samba_3.0.25a-1_i386.deb
 93c2ee32c81f48c0142e876b72a84b67 2784956 net optional samba-common_3.0.25a-1_i386.deb
 5bf08f1bc6870ea1ad613f604392bd2c 4761368 net optional smbclient_3.0.25a-1_i386.deb
 030e77057ace2c6c01d88c4de4bac5aa 945672 net optional swat_3.0.25a-1_i386.deb
 569bcec989c331f64fdad90206a5042c 466200 otherosfs optional smbfs_3.0.25a-1_i386.deb
 503ec870db25f74a2d9daefe4090a83a 60270 admin extra libpam-smbpass_3.0.25a-1_i386.deb
 ab64fe2a1eedf9b694101012eeb9411f 857088 libs optional libsmbclient_3.0.25a-1_i386.deb
 f7f9832e5c591ca109650081420f90f9 1169192 libdevel extra libsmbclient-dev_3.0.25a-1_i386.deb
 d6190fc561f9fcbf1e92956a1a9e15ad 2184730 net optional winbind_3.0.25a-1_i386.deb
 9af28e7f5e5c3e09ea6937f90ec7e889 6481744 python optional python-samba_3.0.25a-1_i386.deb
 2ea9f21b8d0a162456cc61762c8b0dd8 13105260 devel extra samba-dbg_3.0.25a-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGWVY31OXtrMAUPS0RAphhAJ9+OVO2vTngN9sOQiu+CpujXS0JNQCfXmXU
ZDo09ZpBY4IzhqfHEsvY40A=
=45z1
-----END PGP SIGNATURE-----




Message #102 received at 424629-close@bugs.debian.org:

From: Christian Perrier <bubulle@debian.org>
To: 424629-close@bugs.debian.org
Subject: Bug#424629: fixed in samba 3.0.24-6etch2
Date: Fri, 08 Jun 2007 07:52:31 +0000
Source: samba
Source-Version: 3.0.24-6etch2

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/libpam-smbpass_3.0.24-6etch2_i386.deb
libsmbclient-dev_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/libsmbclient-dev_3.0.24-6etch2_i386.deb
libsmbclient_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/libsmbclient_3.0.24-6etch2_i386.deb
python-samba_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/python-samba_3.0.24-6etch2_i386.deb
samba-common_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/samba-common_3.0.24-6etch2_i386.deb
samba-dbg_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/samba-dbg_3.0.24-6etch2_i386.deb
samba-doc-pdf_3.0.24-6etch2_all.deb
  to pool/main/s/samba/samba-doc-pdf_3.0.24-6etch2_all.deb
samba-doc_3.0.24-6etch2_all.deb
  to pool/main/s/samba/samba-doc_3.0.24-6etch2_all.deb
samba_3.0.24-6etch2.diff.gz
  to pool/main/s/samba/samba_3.0.24-6etch2.diff.gz
samba_3.0.24-6etch2.dsc
  to pool/main/s/samba/samba_3.0.24-6etch2.dsc
samba_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/samba_3.0.24-6etch2_i386.deb
smbclient_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/smbclient_3.0.24-6etch2_i386.deb
smbfs_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/smbfs_3.0.24-6etch2_i386.deb
swat_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/swat_3.0.24-6etch2_i386.deb
winbind_3.0.24-6etch2_i386.deb
  to pool/main/s/samba/winbind_3.0.24-6etch2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 424629@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 19 May 2007 07:24:19 +0200
Source: samba
Binary: python-samba samba-doc-pdf samba-doc libsmbclient libpam-smbpass swat winbind smbclient samba libsmbclient-dev samba-common samba-dbg smbfs
Architecture: source i386 all
Version: 3.0.24-6etch2
Distribution: stable-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 libpam-smbpass - pluggable authentication module for SMB/CIFS password database
 libsmbclient - shared library that allows applications to talk to SMB/CIFS serve
 libsmbclient-dev - libsmbclient static libraries and headers
 python-samba - Python bindings that allow access to various aspects of Samba
 samba      - a LanManager-like file and printer server for Unix
 samba-common - Samba common files used by both the server and the client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation (PDF format)
 smbclient  - a LanManager-like simple client for Unix
 smbfs      - mount and umount commands for the smbfs (for kernels >= than 2.2.
 swat       - Samba Web Administration Tool
 winbind    - service to resolve user and group information from Windows NT ser
Closes: 424629
Changes: 
 samba (3.0.24-6etch2) stable-security; urgency=high
 .
   * The fix for CVE-2007-2444 broke the behaviour of "force group" when
     the forced group is a local Unix group on domain member servers.
     Applied an upstream patch (security-CVE-2007-244_fixed-force-group.patch)
     that is part of samba 3.0.25a.
     Closes: #424629
Files: 
 9195e7028f572668d8874954869b66b1 1425 net optional samba_3.0.24-6etch2.dsc
 2292288a9b7bbb539010392f08a3ff5e 210086 net optional samba_3.0.24-6etch2.diff.gz
 9afa517ad45835cea25940ab45eacad8 6913258 doc optional samba-doc_3.0.24-6etch2_all.deb
 ecc25b10f2a27bab6363dd1ad1143860 6598866 doc optional samba-doc-pdf_3.0.24-6etch2_all.deb
 835d42ef59fc870511da154fd1dee960 3261114 net optional samba_3.0.24-6etch2_i386.deb
 6602f1a872673d3ac19a6cfe0d5744b9 2381274 net optional samba-common_3.0.24-6etch2_i386.deb
 e83ce20cac8ae5049a1b4643f37c99b5 3880918 net optional smbclient_3.0.24-6etch2_i386.deb
 56c6aab93169df0c78242a9577bf41a8 793430 net optional swat_3.0.24-6etch2_i386.deb
 4c545fe7e1d8d59778fff9bbf155f825 412666 otherosfs optional smbfs_3.0.24-6etch2_i386.deb
 45007363f7ee74b31d769564f6b07fb9 418662 admin extra libpam-smbpass_3.0.24-6etch2_i386.deb
 f7061733ce550fde4a6cf59d990854d9 757868 libs optional libsmbclient_3.0.24-6etch2_i386.deb
 96c905a6abd803988a78d2b07950749d 112212 libdevel extra libsmbclient-dev_3.0.24-6etch2_i386.deb
 609aa408f67e4633e6ceb136a7c39bcc 1865464 net optional winbind_3.0.24-6etch2_i386.deb
 2fb0d5f395d2237749e52f36cf03a5ec 5662462 python optional python-samba_3.0.24-6etch2_i386.deb
 87b20eb64236a595193e785eaf61c9f0 11884128 devel extra samba-dbg_3.0.24-6etch2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGUCdXXm3vHE4uyloRApHLAJ9L+XSmTBOzkmj2OtzZJJRoj8OAiACcDIsw
xHlSe8qmvLZ3Yafc05vd5Zw=
=Na1t
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 07 Jul 2007 07:39:35 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 01:50:36 2014; Machine Name: buxtehude.debian.org
