Bug 189439
| Field | Value |
|---|---|
| Summary | CVE-2006-1864 smbfs chroot issue |
| Product | Red Hat Enterprise Linux 2.1 |
| Component | kernel |
| Version | 2.1 |
| Hardware | ia64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Keywords | Security |
| Reporter | Marcel Holtmann <holtmann> |
| Assignee | Don Howard <dhoward> |
| QA Contact | Brian Brock <bbrock> |
| CC | security-response-team |
| Whiteboard | impact=moderate,source=secalert,reported=20060417,embargo=20060426,public=20060426 |
| Fixed In Version | RHSA-2006-0580 |
| Doc Type | Bug Fix |
| Last Closed | 2006-07-13 11:55:22 UTC |
| Bug Blocks | 143573 |

Description
Marcel Holtmann
2006-04-19 22:53:32 UTC
With e.61, I can reproduce the strange looking current working directory, but I can't seem to break out of the jail. I'll see what happens with the new kernel.

```
//127.0.0.1/tmp 32897536 6115840 26781696 19% /mnt/cdrom
.qa.[root@ia64-21as-bos cdrom]# cp -a /bin /etc/ /lib /tmp
.qa.[root@ia64-21as-bos cdrom]# ll
total 49
drwxr-xr-x 1 root root 16384 Jun 4 02:36 bin
drwxr-xr-x 1 root root 16384 Jul 11 17:51 etc
drwxr-xr-x 1 root root 16384 Jun 4 02:34 lib
-rwxr-xr-x 1 root root 564 Jul 10 09:54 phptest1
-rwxr-xr-x 1 root root 0 Jul 10 09:48 RHTS-CVE-2006-1494pZk24X
.qa.[root@ia64-21as-bos cdrom]# chroot .
bash-2.05#
bash-2.05# ls
RHTS-CVE-2006-1494pZk24X bin etc lib phptest1
bash-2.05# pwd
/..\
bash-2.05# ls
RHTS-CVE-2006-1494pZk24X bin etc lib phptest1
bash-2.05# ls /
RHTS-CVE-2006-1494pZk24X bin etc lib phptest1
bash-2.05# cd ..\\
bash-2.05# cd ..\\
bash-2.05# pwd
/..\/..\/..\
bash-2.05# ls
RHTS-CVE-2006-1494pZk24X bin etc lib phptest1
bash-2.05# cd ..\\
bash-2.05# pwd
/..\/..\/..\/..\
bash-2.05# uname -a
Linux ia64-21as-bos.lab.boston.redhat.com 2.4.18-e.61smp #1 SMP Thu Jan 19 19:18:08 EST 2006 ia64 unknown
```

While I never got out of the jail with the older kernel, I can see that the newer kernel is definitely throwing out an error like it should. Marking verified.

```
.qa.[root@ia64-21as-bos test]# chroot .
bash-2.05# ls
RHTS-CVE-2006-1494pZk24X bin etc lib phptest1
bash-2.05# cd ..\\
bash: cd: ..\: Invalid argument
bash-2.05# cd ..\\
bash: cd: ..\: Invalid argument
bash-2.05# pwd
/
bash-2.05# uname -a
Linux ia64-21as-bos.lab.boston.redhat.com 2.4.18-e.62smp #1 SMP Fri May 26 18:45:16 EDT 2006 ia64 unknown
```

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0580.html