Bug 26609 - libntlm new security issue CVE-2019-17455
Summary: libntlm new security issue CVE-2019-17455
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-05-11 22:38 CEST by David Walser
Modified: 2020-05-24 20:06 CEST

See Also:
Source RPM: libntlm-1.5-2.mga7.src.rpm
CVE:
Status comment:



Description David Walser 2020-05-11 22:38:43 CEST
Debian-LTS has issued an advisory on May 10:
https://www.debian.org/lts/security/2020/dla-2207

The issue is fixed upstream in 1.6.
Comment 1 Nicolas Lécureuil 2020-05-17 15:38:50 CEST
Pushed in updates testing.

Advisory:
========================

A new version of libntlm.
It fixes CVE-2019-17455

Updated packages in core/updates_testing:
========================
lib64ntlm0-1.6-1.mga7
lib64ntlm-devel-1.6-1.mga7


from: libntlm-1.6-1.mga7

Status: NEW => ASSIGNED
Assignee: geiger.david68210 => qa-bugs
CC: (none) => mageia

Comment 2 David Walser 2020-05-17 19:28:58 CEST
Advisory:
========================

Updated libntlm packages fix security vulnerability:

It was discovered that libntlm through 1.5 relies on a fixed buffer size for
tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and
write operations, as demonstrated by a stack-based buffer over-read in
buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request
(CVE-2019-17455).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17455
https://www.debian.org/lts/security/2020/dla-2207
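
The fixed-buffer pattern named in the advisory text above, shown as an added illustration of the bug class and its defensive checks; this is not libntlm's code and not part of the original thread. The structure layout, field names and function names are hypothetical simplifications.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MSG_BUF_SIZE 1024u  /* fixed payload area, the pattern behind the bug class */

/* Hypothetical simplified layout, NOT libntlm's real structures. */
struct field_hdr { uint16_t len; uint16_t maxlen; uint32_t offset; };
struct ntlm_like_msg {
    struct field_hdr user;
    uint32_t used;               /* bytes of buffer[] already filled */
    uint8_t buffer[MSG_BUF_SIZE];
};

/* Write side: reject data that does not fit instead of truncating silently. */
int msg_put_field(struct ntlm_like_msg *m, struct field_hdr *h,
                  const void *data, size_t n)
{
    if (m->used > MSG_BUF_SIZE || n > MSG_BUF_SIZE - m->used)
        return -1;
    memcpy(m->buffer + m->used, data, n);
    h->len = h->maxlen = (uint16_t)n;   /* n <= 1024, so it fits */
    h->offset = m->used;
    m->used += (uint32_t)n;
    return 0;
}

/* Read side: the header may come from an untrusted peer, so validate
 * offset and length against the fixed buffer before touching memory. */
int msg_get_field(const struct ntlm_like_msg *m, const struct field_hdr *h,
                  uint8_t *out, size_t out_size)
{
    if (h->offset > MSG_BUF_SIZE || h->len > MSG_BUF_SIZE - h->offset)
        return -1;               /* would read past buffer[] */
    if (h->len > out_size)
        return -1;               /* would overflow the caller's buffer */
    memcpy(out, m->buffer + h->offset, h->len);
    return (int)h->len;
}

int main(void)
{
    struct ntlm_like_msg m = {0};
    uint8_t out[64];
    msg_put_field(&m, &m.user, "alice", 5);
    m.user.offset = 1020; m.user.len = 16;  /* constructed hostile header */
    return msg_get_field(&m, &m.user, out, sizeof out) == -1 ? 0 : 1;
}
```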
Comment 3 Herman Viaene 2020-05-19 14:32:19 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
lib64ntlm0 announces itself in MCC as "A library for authenticating with Microsoft NTLM challenge-response, derived from Samba sources."
but when I
# urpmq --whatrequires lib64ntlm0
gkrellm
lib64gsasl7
lib64ntlm0

and gkrellm says "GKrellM charts SMP CPU, load, Disk, and all active net interfaces automatically. "
So, I'll give it a try when accessing my Samba shares from my desktop PC.
To be continued......

CC: (none) => herman.viaene

Comment 4 Herman Viaene 2020-05-19 14:48:03 CEST
Installed gkrellm, ran it, then used MCC to try to mount the SMB shares. I can define the mount points, but the actual mounting fails. That's not my first worry now - the SMB shares work OK from a Win10.
Checking the trace, found instance of
openat(AT_FDCWD, "/lib64/libntlm.so.0", O_RDONLY|O_CLOEXEC) = 3
but according to MCC, this package provides /usr/lib64/libntlm.so.0 which is not the same???? Or is it?????
Comment 5 David Walser 2020-05-19 14:49:18 CEST
/lib64 is a symlink to /usr/lib64 since Mageia 2.
Comment 6 Herman Viaene 2020-05-19 15:52:16 CEST
Of course !!! Stupid me.
OK then for me.

Whiteboard: (none) => MGA7-64-OK

Comment 7 Thomas Andrews 2020-05-20 13:55:14 CEST
Validating. Better advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2020-05-24 15:40:24 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 8 Mageia Robot 2020-05-24 20:06:29 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0219.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

