Subject: samba: The security fix for CVE-2007-2446 broke Samba
Package: samba
Version: 3.0.24-6
Severity: grave
Justification: renders package unusable

This is a copy of a bug opened upstream. A patch is available for 3.0.25 but not for 3.0.24 on etch. It happens on i386 and alpha. 3.0.24-etch2 suffers from the bug too.

I'm using Gentoo (the stable tree) and Debian Etch. The recent update that fixes three security bugs has broken my samba domain. I'm able to log in to the domain, but when accessing the share of a machine which is not the PDC, the sharing machine denies my access. "smbclient -L with my user" against that sharing machine returns me NT_STATUS_NO_LOGON_SERVERS. If I try smbclient against the PDC, the PDC returns me the list of shares.

The problem seems to be the fix for CVE-2007-2446. If I recompile the samba package without that fix on my Gentoo boxes, the whole domain works perfectly. The same goes for the Debian machines, if I downgrade to the non-fixed version.

Gentoo: Samba 3.0.24-r2
Debian: 3.0.24-6etch1

The log on the sharing machine:

[2007/05/18 11:29:36, 0] auth/auth_domain.c:domain_client_validate(246)
  domain_client_validate: unable to validate password for user rafa in domain CRIPTODOMINIO to Domain controller DILMUN. Error was NT_STATUS_UNSUCCESSFUL.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages samba depends on:
ii  debconf   1.5.11                           Debian configuration management sy
ii  libacl1   2.2.41-1                         Access control list shared library
ii  libattr1  2.4.32-1                         Extended attribute shared library
ii  libc6     2.3.6.ds1-13                     GNU C Library: Shared libraries
ii  libcomer  1.39+1.40-WIP-2006.11.14+dfsg-2  common error description library
ii  libcupsy  1.2.7-4                          Common UNIX Printing System(tm) -
ii  libgnutl  1.4.4-3                          the GNU TLS library - runtime libr
ii  libkrb53  1.4.4-7etch1                     MIT Kerberos runtime libraries
ii  libldap2  2.1.30-13.3                      OpenLDAP libraries
ii  libpam-m  0.79-4                           Pluggable Authentication Modules f
ii  libpam-r  0.79-4                           Runtime support for the PAM librar
ii  libpam0g  0.79-4                           Pluggable Authentication Modules l
ii  libpopt0  1.10-3                           lib for parsing cmdline parameters
ii  logrotat  3.7.1-3                          Log rotation utility
ii  lsb-base  3.1-23.1                         Linux Standard Base 3.1 init scrip
ii  netbase   4.29                             Basic TCP/IP networking system
ii  procps    1:3.2.7-3                        /proc file system utilities
ii  samba-co  3.0.24-6                         Samba common files used by both th
ii  zlib1g    1:1.2.3-13                       compression library - runtime

Versions of packages samba recommends:
pn  smbldap-tools  <none>  (no description available)

-- debconf information excluded