Your message dated Fri, 08 Jun 2007 07:52:45 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#425680: fixed in samba 3.0.24-6etch4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Subject: samba: The security fix for CVE-2007-2446 broke Samba
Package: samba
Version: 3.0.24-6
Severity: grave
Justification: renders package unusable
This is a copy of a bug opened upstream. A patch is avaliable for
3.0.25 but not for 3.0.24 on etch.
It happens on i386, and alpha. 3.0.24-etch2 suffers from the bug too.
I'm using Gentoo (the stable tree) and Debian Etch. The recent update that
fixes three security bugs has broken my samba domain. I'm able to login in the
domain but when accessing the share of a machine which is not the PDC, the
sharing machine denies my access.
"smbclient -L with my user" against that sharig machine returns me
NT_STATUS_NO_LOGON_SERVERS. If I try smbclient against the PDC, the PDC returns
me the list of shares. The problem seems to be the fix for CVE-2007-2446. If I
recompile the samba package without that fix in my Gentoo boxes, the whole
domain works perfectly. The same goes for the Debian machines, if I downgrade
the version to the non fixed.
Gentoo: Samba 3.0.24-r2
Debian: 3.0.24-6etch1
The log on the sharing machine:
[2007/05/18 11:29:36, 0] auth/auth_domain.c:domain_client_validate(246)
domain_client_validate: unable to validate password for user rafa in domain
CRIPTODOMINIO to Domain controller DILMUN. Error was NT_STATUS_UNSUCCESSFUL.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages samba depends on:
ii debconf 1.5.11 Debian configuration management sy
ii libacl1 2.2.41-1 Access control list shared library
ii libattr1 2.4.32-1 Extended attribute shared library
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii libcupsy 1.2.7-4 Common UNIX Printing System(tm) -
ii libgnutl 1.4.4-3 the GNU TLS library - runtime libr
ii libkrb53 1.4.4-7etch1 MIT Kerberos runtime libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libpam-m 0.79-4 Pluggable Authentication Modules f
ii libpam-r 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii logrotat 3.7.1-3 Log rotation utility
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii netbase 4.29 Basic TCP/IP networking system
ii procps 1:3.2.7-3 /proc file system utilities
ii samba-co 3.0.24-6 Samba common files used by both th
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages samba recommends:
pn smbldap-tools <none> (no description available)
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 3.0.24-6etch4
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.0.24-6etch4_i386.deb
to pool/main/s/samba/libpam-smbpass_3.0.24-6etch4_i386.deb
libsmbclient-dev_3.0.24-6etch4_i386.deb
to pool/main/s/samba/libsmbclient-dev_3.0.24-6etch4_i386.deb
libsmbclient_3.0.24-6etch4_i386.deb
to pool/main/s/samba/libsmbclient_3.0.24-6etch4_i386.deb
python-samba_3.0.24-6etch4_i386.deb
to pool/main/s/samba/python-samba_3.0.24-6etch4_i386.deb
samba-common_3.0.24-6etch4_i386.deb
to pool/main/s/samba/samba-common_3.0.24-6etch4_i386.deb
samba-dbg_3.0.24-6etch4_i386.deb
to pool/main/s/samba/samba-dbg_3.0.24-6etch4_i386.deb
samba-doc-pdf_3.0.24-6etch4_all.deb
to pool/main/s/samba/samba-doc-pdf_3.0.24-6etch4_all.deb
samba-doc_3.0.24-6etch4_all.deb
to pool/main/s/samba/samba-doc_3.0.24-6etch4_all.deb
samba_3.0.24-6etch4.diff.gz
to pool/main/s/samba/samba_3.0.24-6etch4.diff.gz
samba_3.0.24-6etch4.dsc
to pool/main/s/samba/samba_3.0.24-6etch4.dsc
samba_3.0.24-6etch4_i386.deb
to pool/main/s/samba/samba_3.0.24-6etch4_i386.deb
smbclient_3.0.24-6etch4_i386.deb
to pool/main/s/samba/smbclient_3.0.24-6etch4_i386.deb
smbfs_3.0.24-6etch4_i386.deb
to pool/main/s/samba/smbfs_3.0.24-6etch4_i386.deb
swat_3.0.24-6etch4_i386.deb
to pool/main/s/samba/swat_3.0.24-6etch4_i386.deb
winbind_3.0.24-6etch4_i386.deb
to pool/main/s/samba/winbind_3.0.24-6etch4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Langasek <[EMAIL PROTECTED]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 28 May 2007 06:03:07 -0700
Source: samba
Binary: python-samba samba-doc-pdf samba-doc libsmbclient libpam-smbpass swat
winbind smbclient samba libsmbclient-dev samba-common samba-dbg smbfs
Architecture: source i386 all
Version: 3.0.24-6etch4
Distribution: stable-security
Urgency: high
Maintainer: Debian Samba Maintainers <[EMAIL PROTECTED]>
Changed-By: Steve Langasek <[EMAIL PROTECTED]>
Description:
libpam-smbpass - pluggable authentication module for SMB/CIFS password database
libsmbclient - shared library that allows applications to talk to SMB/CIFS
serve
libsmbclient-dev - libsmbclient static libraries and headers
python-samba - Python bindings that allow access to various aspects of Samba
samba - a LanManager-like file and printer server for Unix
samba-common - Samba common files used by both the server and the client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation (PDF format)
smbclient - a LanManager-like simple client for Unix
smbfs - mount and umount commands for the smbfs (for kernels >= than 2.2.
swat - Samba Web Administration Tool
winbind - service to resolve user and group information from Windows NT ser
Closes: 425680
Changes:
samba (3.0.24-6etch4) stable-security; urgency=high
.
* Fix a regression introduced by the fix for CVE-2007-2446, which broke
connections to servers that are domain members. Closes: #425680
Files:
8f114259be89190e485ce7af9819237a 1425 net optional samba_3.0.24-6etch4.dsc
b1f423e27b5e602bde20079af4def838 213975 net optional
samba_3.0.24-6etch4.diff.gz
b021af0b6c3418b746ba8601633b1074 6913278 doc optional
samba-doc_3.0.24-6etch4_all.deb
edd2357b274c390c5eb1b717375739d3 6598934 doc optional
samba-doc-pdf_3.0.24-6etch4_all.deb
b6e68104b8d6b5d1f79cbca593b3a8f6 3261176 net optional
samba_3.0.24-6etch4_i386.deb
58854e78ba73d98b529271d745416dac 2381022 net optional
samba-common_3.0.24-6etch4_i386.deb
be4fb85f5605487e7fa5fbbb7e416544 3880346 net optional
smbclient_3.0.24-6etch4_i386.deb
ec699ee2636836630c1f5257829f9658 793304 net optional
swat_3.0.24-6etch4_i386.deb
3ea8fc5b5bcd3691d98292786da16430 412782 otherosfs optional
smbfs_3.0.24-6etch4_i386.deb
2be3fbf44f3d780a7c72843c6cd80ed2 418750 admin extra
libpam-smbpass_3.0.24-6etch4_i386.deb
788ed2181d01a040971a45b0f23fe0f3 757934 libs optional
libsmbclient_3.0.24-6etch4_i386.deb
70a58e3b271f8f70cdf612d9bde3e60e 112288 libdevel extra
libsmbclient-dev_3.0.24-6etch4_i386.deb
4274db9063f9b95622486a2c382f7008 1865746 net optional
winbind_3.0.24-6etch4_i386.deb
78b953065296886d37a5c19949ab94d6 5661190 python optional
python-samba_3.0.24-6etch4_i386.deb
c5deb03cfcecaf4a3a5ce2638ac6a456 11885652 devel extra
samba-dbg_3.0.24-6etch4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGXUteKN6ufymYLloRAsFeAKCzd3hiwcPxI9AY+2M0WczKTsgwcgCgztmq
y7S/jIQ8roFOBu+xjZCjYRU=
=7M1X
-----END PGP SIGNATURE-----
--- End Message ---
