RedHat has issued this advisory today (April 30): https://rhn.redhat.com/errata/RHSA-2012-0533.html Cauldron is also affected. The solution there is to upgrade to 3.6.5.
CC: (none) => bgmilne
CC: (none) => pterjan
Blocks: (none) => 5046
Mandriva has issued an advisory for this today (May 1): http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:067
For cauldron, 3.6.5 is available in r234445, but I would like to get one more almost-no-impact change in ... I will look at Mageia 1 shortly.
cauldron package done, push requested. Mageia 1 package (samba-3.5.8-1.3.mga1) submitted to updates_testing.
Assignee: bugsquad => qa-bugs
Blocks: 5046 => (none)
Note to QA: This sounds like another nasty one, recommend making this a priority. Advisory: ======================== Updated samba packages fix security vulnerabilities: A flaw was found in the way Samba handled certain Local Security Authority (LSA) Remote Procedure Calls (RPC). An authenticated user could use this flaw to issue an RPC call that would modify the privileges database on the Samba server, allowing them to steal the ownership of files and directories that are being shared by the Samba server, and create, delete, and modify user accounts, as well as other Samba server administration tasks (CVE-2012-2111). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111 http://www.samba.org/samba/security/CVE-2012-2111 https://rhn.redhat.com/errata/RHSA-2012-0533.html ======================== Updated packages in core/updates_testing: ======================== samba-server-3.5.8-1.3.mga1 samba-client-3.5.8-1.3.mga1 samba-common-3.5.8-1.3.mga1 samba-doc-3.5.8-1.3.mga1 samba-swat-3.5.8-1.3.mga1 samba-winbind-3.5.8-1.3.mga1 nss_wins-3.5.8-1.3.mga1 libsmbclient0-3.5.8-1.3.mga1 libsmbclient0-devel-3.5.8-1.3.mga1 libsmbclient0-static-devel-3.5.8-1.3.mga1 libnetapi0-3.5.8-1.3.mga1 libnetapi-devel-3.5.8-1.3.mga1 libsmbsharemodes0-3.5.8-1.3.mga1 libsmbsharemodes-devel-3.5.8-1.3.mga1 libwbclient0-3.5.8-1.3.mga1 libwbclient-devel-3.5.8-1.3.mga1 mount-cifs-3.5.8-1.3.mga1 samba-domainjoin-gui-3.5.8-1.3.mga1 from samba-3.5.8-1.3.mga1.src.rpm
Testing complete on i586 for the srpm samba-3.5.8-1.3.mga1.src.rpm Just testing that I can access shares on a host from clients under virtualbox. Tested using Updates Testing on both the host and Mageia 1 virtualbox client. Also tested with an xp client.
CC: (none) => davidwhodgins
Testing complete x86_64 (Once I worked out servers needed to be in hosts to be resolved) See comment 4 for advisory and srpm. Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
Since we ship mount.cifs in mount-cifs built from samba in Mageia 1, should we not rather push a build with a patch for CVE-2012-1586 (bug #5714) as well? Or should we rather stop building mount-cifs and ensure cifs-utils obsoletes it?
(In reply to comment #6) > Testing complete x86_64 (Once I worked out servers needed to be in hosts to be > resolved) > > See comment 4 for advisory and srpm. > > Could sysadmin please push from core/updates_testing to core/updates > > Thanks! Claire, were you mounting with mount.cifs from mount-cifs package, or from cifs-utils package? cifs-utils suggests nss_wins, which should obviate the need to add servers to /etc/hosts ... [bgmilne@tiger cifs-utils]$ rpm -q nss_wins nss_wins-3.6.5-1.mga1 [bgmilne@tiger cifs-utils]$ nmblookup bgmilne-work-pc querying bgmilne-work-pc on 169.254.255.255 querying bgmilne-work-pc on 192.168.0.255 192.168.0.67 bgmilne-work-pc<00> [bgmilne@tiger cifs-utils]$ getent hosts bgmilne-work-pc 192.168.0.67 bgmilne-work-pc [bgmilne@tiger cifs-utils]$ host bgmilne-work-pc Host bgmilne-work-pc not found: 3(NXDOMAIN)
I was using.. # mount -t cifs //server/share /mount/point -o user=user%password which failed, just sat there and eventually timed out. If I used the IP instead of server it connected OK. It was finding servers but failing to find the shares in mcc. I'm not overly familiar with the workings of samba. nss_wins is installed. nmblookup does find them but getent and host both return and external IP. If you think there is a problem here then please remove the validated_update keyword and we can look into it further.
(In reply to comment #9) > nss_wins is installed. nmblookup does find them but getent and host both return > and external IP. By default, we have wins follow dns in the hosts line of nsswitch.conf, so this is expected. But, you shouldn't be using a hostname that resolves to something public. Maybe your 'search' or 'domain' entry in /etc/resolv.conf is not really appropriate. However, this is not a problem for this update.
If you're happy with the validation then this can still be pushed. Sysadmin please see comment 4, thanks.
(In reply to comment #7) > Since we ship mount.cifs in mount-cifs built from samba in Mageia 1, should we > not rather push a build with a patch for CVE-2012-1586 (bug #5714) as well? > > Or should we rather stop building mount-cifs and ensure cifs-utils obsoletes > it? mount-cifs just has /sbin/mount.cifs3, not mount.cifs. If it's vulnerable to the same bug, it should be patched, but it doesn't need to hold up this update unless mount.cifs3 is installed suid root (according to RedHat, this CVE isn't much of an issue unless it is suid root). So, if applicable, you can just patch it in SVN.
mount.cifs3 is installed setuid, but was not compiled with the ability to be run via setuid: [bgmilne@tiger cifs-utils]$ rpm -qlv mount-cifs |grep ' /bin/mount.cifs3$' -rwsr-xr-x 1 root root 40432 May 1 20:54 /bin/mount.cifs3 [bgmilne@tiger cifs-utils]$ mount.cifs3 This mount.cifs program has been built with the ability to run as a setuid root program disabled. mount.cifs has not been well audited for security holes. Therefore the Samba team does not recommend installing it as a setuid root program. mount.cifs from cifs-utils is not installed setuid by default, but does allow running as setuid: [bgmilne@tiger cifs-utils]$ mount.cifs This program is not installed setuid root - "user" CIFS mounts not supported. [root@tiger ~]# chmod u+s /sbin/mount.cifs [bgmilne@tiger cifs-utils]$ mount.cifs Usage: mount.cifs <remotetarget> <dir> -o <options> [...] So, we are fine shipping as-is. mount.cifs3 from mount-cifs can't be made vulnerable, mount.cifs from cifs-utils isn't vulnerable by default, but can be made so by the administrator, so we are patching it. All good to go. I will try and remember to take care of the mount-cifs issue in Mageia 1 if we have the need for a different samba update in future.
Update pushed.
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED