Bug 189438
Summary: | CVE-2006-1864 smbfs chroot issue | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Marcel Holtmann <holtmann> |
Component: | kernel | Assignee: | Don Howard <dhoward> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | impact=moderate,source=redhat,reported=20060417,embargo=20060426,public=20060426 | ||
Fixed In Version: | RHSA-2006-0579 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-07-13 11:46:33 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 143573 |
Description
Marcel Holtmann
2006-04-19 22:52:46 UTC
Fix verified: .qa.[root@i386-21as-bos tmp]# ll total 2568 drwxr-xr-x 2 root root 4096 Jul 12 11:50 backup -rw-r--r-- 1 root root 768000 Jul 12 11:42 bak.file drwxr-xr-x 2 root root 4096 Jun 4 01:38 bin drwxr-xr-x 2 root root 4096 Jul 12 08:37 dumper -rw-r--r-- 1 root root 1048576 Jul 12 09:50 dumpy.iso drwxr-xr-x 72 root root 8192 Jul 12 11:58 etc -rw-r--r-- 1 root root 768000 Jul 12 11:21 file.dump drwxr-xr-x 9 root root 4096 Jul 12 11:57 lib drwxr-xr-x 2 root root 4096 Jul 12 10:00 restor .qa.[root@i386-21as-bos tmp]# mkdir /mnt/test .qa.[root@i386-21as-bos tmp]# cd /mnt/test/ .qa.[root@i386-21as-bos test]# ls .qa.[root@i386-21as-bos test]# cd .. .qa.[root@i386-21as-bos mnt]# mount -t smbfs -o username=root,password= //127.0.0.1/tmp /mnt/test/ Anonymous login successful .qa.[root@i386-21as-bos mnt]# cd test/ .qa.[root@i386-21as-bos test]# uname -a Linux i386-21as-bos.lab.boston.redhat.com 2.4.9-e.70 #1 Fri May 5 21:12:54 EDT2006 i686 unknown .qa.[root@i386-21as-bos test]# chroot . bash-2.05# cd ..\\ bash: cd: ..\: Invalid argument bash-2.05# cd ..\\\\ bash: cd: ..\\: Invalid argument bash-2.05# pwd / bash-2.05# ls backup bak.file bin dumper dumpy.iso etc file.dump lib restor bash-2.05# ls -l total 2527 drwxr-xr-x 1 root root 512 Jul 12 11:50 backup -rwxr-xr-x 1 root root 768000 Jul 12 11:42 bak.file drwxr-xr-x 1 root root 512 Jun 4 01:38 bin drwxr-xr-x 1 root root 512 Jul 12 08:37 dumper -rwxr-xr-x 1 root root 1048576 Jul 12 09:50 dumpy.iso drwxr-xr-x 1 root root 512 Jul 12 11:58 etc -rwxr-xr-x 1 root root 768000 Jul 12 11:21 file.dump drwxr-xr-x 1 root root 512 Jul 12 11:57 lib drwxr-xr-x 1 root root 512 Jul 12 10:00 restor An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0579.html |