Univention Bugzilla – Full Text Bug Listing

Summary: | Samba: Multiple issues (4.1) | | |
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | | |
Priority: | P1 | CC: | gohmann |
Version: | UCS 4.1 | | |
Target Milestone: | UCS 4.1-4-errata | | |
Hardware: | Other | | |
OS: | Linux | | |
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | | Enterprise Customer affected?: | |
School Customer affected?: | | ISV affected?: | |
Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | | Bug group (optional): | Security |
Max CVSS v3 score: | | | |
Bug Depends on: | 43681 | | |
Bug Blocks: | 43679 | | |

Attachments:
* window error after multiple explorer reloads on samba share
* smbd log - created dir in windows explorer, not visible
* smbd log - many reloads, windows error
* OK smbd log - create Neuer Ordner (7) with old version
* CVE-2017-2619-v45.patch

Created attachment 8476 [details]
4.5-racefix.diff
diffstat:
dir.c | 171 ++++++++++++++++++++++++++---------
open.c | 310 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
2 files changed, 412 insertions(+), 69 deletions(-)
The patch applied to samba 4.5.3.

Remarkable patches in patches/samba/4.1-0-0-ucs/2:4.5.1-1-errata4.1-4:
* 00_samba-4.5.1-4.5.2.diffs.quilt
* 00_samba-4.5.2-4.5.3.diffs.quilt
* 99_fix_CVE-2017-2619.quilt

I've rebuilt winexe too

Advisory: samba.yaml

Additional patches are required, I've committed them as:
99_sambabug12499.quilt
99_sambabug12531-squashed.quilt
99_sambabug12546.quilt
99_sambabug12591.quilt

Samba is rebuilding, yaml adjusted.

There is a problem with shares and windows 8.1. If I create a folder via the windows explorer in a samba share, the folder is not visible until I reload the explorer. And if I reload very often or change into a share folder and back very fast and very often I get a windows error message:

Das Handle ist ungültig:

In both cases the final smbd error message (log 10) is

smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_INVALID_HANDLE] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:3145

This does not happen with windows 7.

Created attachment 8576 [details]
window error after multiple explorer reloads on samba share
Created attachment 8577 [details]
smbd log - created dir in windows explorer, not visible
Created attachment 8578 [details]
smbd log - many reloads, windows error
This happens with 2:4.5.1-1.854.201703162118, but not with the released version 2:4.5.1-1.851.201701050832.

Created attachment 8579 [details]
OK smbd log - create Neuer Ordner (7) with old version
succeeded

Ok, the patch 99_fix_CVE-2017-2619.quilt could introduce this. It adds code to OpenDir_fsp (in dir.c) which returns EBADF under certain conditions, and EBADF gets mapped to NT_STATUS_INVALID_HANDLE. OpenDir_fsp may get called by dptr_create:

================================================================================
[2017/03/17 15:54:54.905298, 5, pid=26913, effective(2013, 5001), real(2013, 0)] ../source3/smbd/dir.c:474(dptr_create)
  dptr_create dir=.
[2017/03/17 15:54:54.905327, 3, pid=26913, effective(2013, 5001), real(2013, 0)] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_HANDLE] || at ../source3/smbd/smb2_query_directory.c:154
================================================================================

No idea yet what's going on.

I've reported this upstream. One other code that might play into this is the 99_sambabug12531-squashed.quilt, where set_conn_connectpath -> canonicalize_absolute_path probably transforms "." to "/" in Felix's "smbd log - many reloads, windows error".

One option would be to update to 4.5.7 when it's released on Monday. That way we are the closest to upstream and better collaborate in case this really turns out to be a problem. I favor this approach currently.

Created attachment 8592 [details]
CVE-2017-2619-v45.patch
Upstream updated the patch.
The package has been rebuilt and the advisory is updated.

* install (master, slave, backup + 2 win clients)
  OK - ucs install / join
  OK - win join, logon
  OK - user sync, password sync
  OK - shares
  OK - gpo
  OK - patches
  OK - printer
* update
  OK - update works, minimal samba test

Created attachment 8475 [details]
CVE-2017-2619.txt

A security update for Samba is planned. Deadline is 2017-03-29.

* Symlink race allows access outside share definition (CVE-2017-2619).

In UCS 4.1 we currently ship Samba 4.5.1. Release of Samba 4.5.6 is scheduled for March 15, this is supposed to contain - quote "a large set of supporting fixes". The actual security update will be 4.5.7.
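
As an added example (not part of the original bug report and not Samba code), the following Python code parses smbd debug-log records in the header format quoted in the thread and, for each NT_STATUS_INVALID_HANDLE failure, reports which function the same smbd process logged immediately before it. The names `parse_smbd_log` and `failed_requests` are hypothetical, and the third sample record is constructed.

```python
import re

# smbd debug header as quoted in the thread:
# [date time, level, pid=N, effective(u, g), real(u, g)] file:line(function)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(?P<level>\d+),"
    r"\s*pid=(?P<pid>\d+)[^\]]*\]\s+(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)\s*$"
)
STATUS = re.compile(r"status\[(NT_STATUS_\w+)\]")
REPORTED_AT = re.compile(r"\bat (\S+:\d+)")

# The first two records are the excerpt from the thread; the third is constructed.
SAMPLE = """\
[2017/03/17 15:54:54.905298, 5, pid=26913, effective(2013, 5001), real(2013, 0)] ../source3/smbd/dir.c:474(dptr_create)
  dptr_create dir=.
[2017/03/17 15:54:54.905327, 3, pid=26913, effective(2013, 5001), real(2013, 0)] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_HANDLE] || at ../source3/smbd/smb2_query_directory.c:154
[2017/03/17 15:54:55.000000, 10, pid=26914, effective(2013, 5001), real(2013, 0)] ../source3/smbd/smb2_server.c:3145(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:3145
"""


def parse_smbd_log(text):
    """Group each header line with the indented message lines that follow it."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            rec = m.groupdict()
            rec["msg"] = []
            records.append(rec)
        elif records and raw.strip():
            records[-1]["msg"].append(raw.strip())
    return records


def failed_requests(records, status="NT_STATUS_INVALID_HANDLE"):
    """Return (pid, function logged just before, reporting location) per failure."""
    hits, last_func_by_pid = [], {}
    for rec in records:
        body = " ".join(rec["msg"])
        s = STATUS.search(body)
        if s and s.group(1) == status:
            at = REPORTED_AT.search(body)
            hits.append((int(rec["pid"]), last_func_by_pid.get(rec["pid"]),
                         at.group(1) if at else None))
        last_func_by_pid[rec["pid"]] = rec["func"]
    return hits


if __name__ == "__main__":
    for hit in failed_requests(parse_smbd_log(SAMPLE)):
        print(hit)
```

Run over the before and after logs attached to a report like this one, the per-location counts show whether a rebuilt package changed where the invalid-handle status originates.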