Acknowledgement sent to Sascha Herrmann <sh_bugs@nttcable.de>:
New Bug report received and forwarded. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: samba: group_mapping.ldb created world writeable after manual deletion
Date: Fri, 22 Aug 2008 15:54:21 +0200
Package: samba
Version: 2:3.2.0-4
Severity: normal
After removing the group_mapping.tdb file in /var/lib/samba, samba recreates
this file with the permissions set to 0666, allowing everybody with access
to the system to modify this file. I think this isn't a good idea. I removed
this file on a system I cloned from a working system because I wanted to be
sure there is no cached information of the domain the original system was
a member of.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages samba depends on:
ii adduser 3.108 add and remove users and groups
ii debconf [debconf-2.0 1.5.22 Debian configuration management sy
ii libacl1 2.2.47-2 Access control list shared library
ii libattr1 1:2.4.43-1 Extended attribute shared library
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libcomerr2 1.41.0-3 common error description library
pi libcups2 1.3.8-1 Common UNIX Printing System(tm) -
ii libgnutls26 2.4.1-1 the GNU TLS library - runtime libr
ii libkrb53 1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.10-3 OpenLDAP libraries
ii libpam-modules 1.0.1-2 Pluggable Authentication Modules f
ii libpam-runtime 1.0.1-2 Runtime support for the PAM librar
ii libpam0g 1.0.1-2 Pluggable Authentication Modules l
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libtalloc1 1.2.0~git20080616-1 hierarchical pool based memory all
ii libwbclient0 2:3.2.0-4 client library for interfacing wit
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.2-19 Linux Standard Base 3.2 init scrip
ii procps 1:3.2.7-8 /proc file system utilities
ii samba-common 2:3.2.0-4 Samba common files used by both th
ii update-inetd 4.30+nmu1 inetd configuration file updater
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
samba recommends no packages.
Versions of packages samba suggests:
ii openbsd-inetd [inet-superse 0.20080125-1 The OpenBSD Internet Superserver
pn smbldap-tools <none> (no description available)
-- debconf information:
* samba/run_mode: daemons
samba/tdbsam: false
* samba/generate_smbpasswd: true
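The report above boils down to a file-mode problem: a database file that Samba recreates on demand ends up 0666, so any local account can rewrite the group mappings the server trusts. A process that creates a file with mode 0666 depends entirely on its umask for protection, and a 0666 result means the umask restricted nothing; the robust fix is to create such files with a restrictive mode in the first place (which is what the 3.2.3 changelog below describes). Until the fixed package is installed, an administrator can at least detect and clear the exposure. The following POSIX shell script is an added example written for this page, not Samba's code and not part of the report; it assumes the Debian default state directory /var/lib/samba named in the report, and the file names secrets.tdb and group_mapping.ldb in the demo function are constructed stand-ins created in a scratch directory, not the live files.

```shell
#!/bin/sh
# Added example for Debian #496073 / CVE-2008-3789 (not Samba's code, not the
# reporter's): find and fix world-writable database files in a Samba state
# directory.  Only POSIX sh, find, chmod, wc and mktemp are used, so it runs
# on a lenny-era system as well as on current ones.

# audit_samba_dbs DIR
#   Print the path of every regular file below DIR whose "other write" bit is
#   set (the 0666 case in the report is one instance).  Returns 0 when nothing
#   is world-writable and 1 otherwise, so it can gate a post-install check.
audit_samba_dbs() {
    dir=$1
    # -perm -0002 matches any mode that includes o+w, whatever the other bits.
    hits=$(find "$dir" -type f -perm -0002)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# fix_samba_dbs DIR
#   Clear the other-write bit on every offending file below DIR and print the
#   number of files changed.  Ownership and the remaining bits are untouched;
#   re-run audit_samba_dbs afterwards to verify.
fix_samba_dbs() {
    dir=$1
    n=$(find "$dir" -type f -perm -0002 | wc -l | tr -d ' ')
    find "$dir" -type f -perm -0002 -exec chmod o-w {} +
    echo "$n"
}

# demo_recreated_db
#   Reproduce the shape of the report in a scratch directory (constructed data,
#   not real Samba files): a process running with umask 0 that creates its
#   database with mode 0666 leaves it world-writable, while one that creates
#   it under a restrictive umask does not.  Returns 0 if audit and fix behave
#   as documented above.
demo_recreated_db() {
    scratch=$(mktemp -d) || return 1
    ( umask 000; : > "$scratch/group_mapping.ldb" )   # lands as 0666, as reported
    ( umask 077; : > "$scratch/secrets.tdb" )         # lands as 0600, owner only
    # The audit must fail (return 1) and name exactly the 0666 file.
    if before=$(audit_samba_dbs "$scratch"); then
        rm -rf "$scratch"; return 1
    fi
    if [ "$before" != "$scratch/group_mapping.ldb" ]; then
        rm -rf "$scratch"; return 1
    fi
    # One file fixed, after which the audit passes.
    if [ "$(fix_samba_dbs "$scratch")" != 1 ]; then
        rm -rf "$scratch"; return 1
    fi
    if ! audit_samba_dbs "$scratch" > /dev/null; then
        rm -rf "$scratch"; return 1
    fi
    rm -rf "$scratch"
    return 0
}

# Usage: sh audit_samba_dbs.sh --demo        (self-contained walk-through)
#        . ./audit_samba_dbs.sh; audit_samba_dbs /var/lib/samba
if [ "${1:-}" = "--demo" ]; then
    demo_recreated_db && echo "demo: audit and fix behaved as expected"
fi
```

Clearing o+w is a containment step, not the fix: the daemon will recreate the file with the same permissions the next time it is missing until the package that creates ldb databases with a restrictive mode is installed, so the audit is worth re-running after any upgrade or restore.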
Tags added: confirmed, upstream
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(Sun, 24 Aug 2008 00:54:02 GMT)
Severity set to `important' from `normal'
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(Sun, 24 Aug 2008 00:54:02 GMT)
Tags added: security
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(Sun, 24 Aug 2008 01:12:02 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#496073; Package samba.
Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
Subject: Re: [Pkg-samba-maint] Bug#496073: samba: group_mapping.ldb created world writeable after manual deletion
Date: Tue, 26 Aug 2008 16:18:22 +0200
On Fri, Aug 22, 2008 at 15:54:21 +0200, Sascha Herrmann wrote:
> After removing the group_mapping.tdb file in /var/lib/samba, samba recreates
> this file with the permissions set to 0666, allowing everybody with access
> to the system to modify this file. I think this isn't a good idea. I removed
> this file on a system I cloned from a working system because I wanted to be
> sure there is no cached information of the domain the original system was
> a member of.
>
This has been assigned CVE-2008-3789, FWIW.
Cheers,
Julien
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#496073; Package samba.
Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
This is CVE-2008-3789. Please mention it in the changelog when uploading.
Perhaps someone can add it to the upstream bug, as I'm not allowed to access
that.
Thijs
Source: samba
Source-Version: 2:3.2.3-1
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.2.3-1_amd64.deb
to pool/main/s/samba/libpam-smbpass_3.2.3-1_amd64.deb
libsmbclient-dev_3.2.3-1_amd64.deb
to pool/main/s/samba/libsmbclient-dev_3.2.3-1_amd64.deb
libsmbclient_3.2.3-1_amd64.deb
to pool/main/s/samba/libsmbclient_3.2.3-1_amd64.deb
libwbclient0_3.2.3-1_amd64.deb
to pool/main/s/samba/libwbclient0_3.2.3-1_amd64.deb
samba-common_3.2.3-1_amd64.deb
to pool/main/s/samba/samba-common_3.2.3-1_amd64.deb
samba-dbg_3.2.3-1_amd64.deb
to pool/main/s/samba/samba-dbg_3.2.3-1_amd64.deb
samba-doc-pdf_3.2.3-1_all.deb
to pool/main/s/samba/samba-doc-pdf_3.2.3-1_all.deb
samba-doc_3.2.3-1_all.deb
to pool/main/s/samba/samba-doc_3.2.3-1_all.deb
samba-tools_3.2.3-1_amd64.deb
to pool/main/s/samba/samba-tools_3.2.3-1_amd64.deb
samba_3.2.3-1.diff.gz
to pool/main/s/samba/samba_3.2.3-1.diff.gz
samba_3.2.3-1.dsc
to pool/main/s/samba/samba_3.2.3-1.dsc
samba_3.2.3-1_amd64.deb
to pool/main/s/samba/samba_3.2.3-1_amd64.deb
samba_3.2.3.orig.tar.gz
to pool/main/s/samba/samba_3.2.3.orig.tar.gz
smbclient_3.2.3-1_amd64.deb
to pool/main/s/samba/smbclient_3.2.3-1_amd64.deb
smbfs_3.2.3-1_amd64.deb
to pool/main/s/samba/smbfs_3.2.3-1_amd64.deb
swat_3.2.3-1_amd64.deb
to pool/main/s/samba/swat_3.2.3-1_amd64.deb
winbind_3.2.3-1_amd64.deb
to pool/main/s/samba/winbind_3.2.3-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 496073@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 27 Aug 2008 10:19:59 -0700
Source: samba
Binary: samba samba-common samba-tools smbclient swat samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev winbind samba-dbg libwbclient0
Architecture: source all amd64
Version: 2:3.2.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description:
libpam-smbpass - pluggable authentication module for SMB/CIFS password database
libsmbclient - shared library that allows applications to talk to SMB/CIFS serve
libsmbclient-dev - libsmbclient static libraries and headers
libwbclient0 - client library for interfacing with winbind service
samba - a LanManager-like file and printer server for Unix
samba-common - Samba common files used by both the server and the client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation (PDF format)
samba-tools - tools provided by the Samba suite
smbclient - a LanManager-like simple client for Unix
smbfs - mount and umount commands for the smbfs (for kernels >= than 2.2.
swat - Samba Web Administration Tool
winbind - service to resolve user and group information from Windows NT ser
Closes: 491881 496073
Changes:
samba (2:3.2.3-1) unstable; urgency=high
.
* High-urgency upload for security fix
* New upstream release
- Fix "/usr/lib/cups/backend/smb does not try port 139 anymore by default"
Closes: #491881
- Fix the default permissions on ldb databases. Addresses
CVE-2008-3789; closes: #496073.
- debian/rules, debian/smbfs.files: build with cifs.upcall,
newly introduced to replace cifs.spnego
- debian/rules: no more need to rename libsmbclient.so to
libsmbclient.so.0, or libwbclient.so to libwbclient.so.0
.
[ Noèl Köthe ]
* fixing lintian warning "build-depends-on-1-revision"
Checksums-Sha1:
8fab7280e167deb055e19a489f047d164f471bfb 1774 samba_3.2.3-1.dsc
f6117a2da69d158cdcd76e27ea85801f2700450e 23704996 samba_3.2.3.orig.tar.gz
dacc9b5c37a352ab3d3bc288ed1a91cafc0920d6 216136 samba_3.2.3-1.diff.gz
80df837ca65e8d49afbf7c3b796004d73db9dbb2 7943980 samba-doc_3.2.3-1_all.deb
d5971435e0ce73a80b27c76a1b3506c20e2caa22 6251740 samba-doc-pdf_3.2.3-1_all.deb
f625d07dba5908c50284545311b2107459e308dc 4773376 samba_3.2.3-1_amd64.deb
358e1d4655ff8ce519416b005eb1d0c11f916546 3724886 samba-common_3.2.3-1_amd64.deb
dfa8bb2350e0553984d196cd3dc3495b8f44b9d6 5646560 samba-tools_3.2.3-1_amd64.deb
f7c07f28e28067d4574d52b54bc7f50fb383ac91 7007790 smbclient_3.2.3-1_amd64.deb
3bd1eb81992732e8d814826b853dc38bd69b470c 1082516 swat_3.2.3-1_amd64.deb
987afc612a27c84352a9c6d4aa79d3d130dad1c8 1491144 smbfs_3.2.3-1_amd64.deb
be7b5e504a9dbf0878134c796d68e78c05159e9d 626332 libpam-smbpass_3.2.3-1_amd64.deb
26f0228418bd0c69cb1539b395adb24b0475736d 1357500 libsmbclient_3.2.3-1_amd64.deb
952283aa4110fd1cea337b76294de5fee5906d70 1952558 libsmbclient-dev_3.2.3-1_amd64.deb
04990e1967e3e37fcf6dbb4cb61b09e44adb8459 3275356 winbind_3.2.3-1_amd64.deb
f213f0f3b5b11d5982be7ff41b3a56e79fe87d9c 1992298 samba-dbg_3.2.3-1_amd64.deb
896e7c820dda20a24ddf2f46685f69c6ddfa801c 78860 libwbclient0_3.2.3-1_amd64.deb
Checksums-Sha256:
85fd16a58b8c69f53e519b8d696064d9b07163d09ca5f57c71c21a15feb7b36f 1774 samba_3.2.3-1.dsc
40dfa61815b0c9f6ef9ae98ef40883cff81555467b7f11b836ce5a2f307d4c64 23704996 samba_3.2.3.orig.tar.gz
c9fc468649ec023a7696dab199202816ee5f8799118fd6789023aaa850f523ee 216136 samba_3.2.3-1.diff.gz
f50d87c9bd1f44e441bc8e59653b072d2d71cf564b9bc5e84942ba2b7e3b324e 7943980 samba-doc_3.2.3-1_all.deb
eaef55704140c683292eec5415117534e54ce8d3a56742e409d9ddbae6c57091 6251740 samba-doc-pdf_3.2.3-1_all.deb
e6f9ce145ece00e2a1123acb50b2f5d19a4dad3f60c3833ed2c7348a32ef613d 4773376 samba_3.2.3-1_amd64.deb
7472931e938c8358d2cf609a9ed931869038a0cea344c3c6bb7b588649529212 3724886 samba-common_3.2.3-1_amd64.deb
c1137218d4d5c2e5ef970ccb6a953bce5be9dfd63e8475bfb6f97b8c968dd128 5646560 samba-tools_3.2.3-1_amd64.deb
aa9e5873ae9871454e10e66d8cce579931adc91c7e13e4071e0471a3e46715e1 7007790 smbclient_3.2.3-1_amd64.deb
07551f617ec4518648265576e6f6f09b200b802d1c3a9a7a797b7b5a51453bca 1082516 swat_3.2.3-1_amd64.deb
4ed6b64f7c4d39e4092f1727045eaba6485174eabfcc7befd3dd93952d1d12ce 1491144 smbfs_3.2.3-1_amd64.deb
9311f8f78e036593305c6c829c5f6995da6087c52f6551f3f6f9add65b957b0d 626332 libpam-smbpass_3.2.3-1_amd64.deb
9254da8a2ba3d478990e8dc6e64052b8361cad40f87c845e3bcf6be24b01edaa 1357500 libsmbclient_3.2.3-1_amd64.deb
eed643ec70f8f8525015c0d43d70a2ed58d7965ea1cf2181568f965ea054f3e5 1952558 libsmbclient-dev_3.2.3-1_amd64.deb
1a415b53fe8a475261ecd5c3b8940e35cc3f34001c8635e9d4dcafc20182dfb9 3275356 winbind_3.2.3-1_amd64.deb
e06453ea026aa1faf170965fd8c663c3b22e303ccd723f61eb23f54d0a51c725 1992298 samba-dbg_3.2.3-1_amd64.deb
3352fd20c148829b1d65254a75e2072f8cf28d5491cbc3374337c2ef462dca27 78860 libwbclient0_3.2.3-1_amd64.deb
Files:
2c39be94df39ec00cedfdc5a8d102ae3 1774 net optional samba_3.2.3-1.dsc
c1630a57ac0ec24bc364c6d11c93ec35 23704996 net optional samba_3.2.3.orig.tar.gz
2e85d87d4d25be557c622cb1995b3ff3 216136 net optional samba_3.2.3-1.diff.gz
db87bf9dcb28296a1b95b139ef1b09b9 7943980 doc optional samba-doc_3.2.3-1_all.deb
66a1ed547847dff2c9ba8d708b973917 6251740 doc optional samba-doc-pdf_3.2.3-1_all.deb
b329f4f5f287b6212612c959a254dc14 4773376 net optional samba_3.2.3-1_amd64.deb
df2728a8d20df1bd48baaf4efc11d469 3724886 net optional samba-common_3.2.3-1_amd64.deb
da5eefed4bb9711e1be61ea4f27e0ece 5646560 net optional samba-tools_3.2.3-1_amd64.deb
b8892b7569da98b88727826f92d7013b 7007790 net optional smbclient_3.2.3-1_amd64.deb
71be9545f2d093dbda2cb3456b701440 1082516 net optional swat_3.2.3-1_amd64.deb
b30540365a09b81210a1120df8c256e2 1491144 otherosfs optional smbfs_3.2.3-1_amd64.deb
094f51ce91bffcce675309b8cbb0b881 626332 admin extra libpam-smbpass_3.2.3-1_amd64.deb
aff16820177aa8fd29ae48719a20c022 1357500 libs optional libsmbclient_3.2.3-1_amd64.deb
1b70e2288f4637ebe3abf276748c9924 1952558 libdevel extra libsmbclient-dev_3.2.3-1_amd64.deb
7849792ee87df6cac99738657ef1dc5a 3275356 net optional winbind_3.2.3-1_amd64.deb
bca2a00df3d22c99fe302b1bff02205d 1992298 devel extra samba-dbg_3.2.3-1_amd64.deb
f7c28863ea5e564137fe7d030914b066 78860 libs optional libwbclient0_3.2.3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFItZ8HKN6ufymYLloRAizfAKCCUR6FZp6ioxMfW93dgNhfixJbHACfekVF
+U50giDRJK7xSPkd08cCncQ=
=RqAb
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 28 Sep 2008 07:30:09 GMT)