Bug 253315

Summary: CVE-2007-3843 CIFS signing sec= mount options don't work correctly
Product: Red Hat Enterprise Linux 5 Reporter: Marcel Holtmann <holtmann>
Component: kernelAssignee: Jeff Layton <jlayton>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: low Docs Contact:
Priority: low    
Version: 5.0CC: coughlan, jlayton, qcai, staubach, steved
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,source=redhat,reported=20070802,public=20070608
Fixed In Version: RHSA-2007-0705 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-13 09:13:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 275901    
Attachments:
Description Flags
patch -- upstream patch backported to 2.6.18
none
patch -- fix signing mount options none

Description Marcel Holtmann 2007-08-17 20:08:10 UTC 
email from Steve French:

CIFS code was changing the wrong global variable for signing (the old
one, used only by dead, soon to be removed, code in
fs/cifs/connect.c).  Eventually I need to test ntlm, ntlmv2 etc.
override on command line (with or without the "i" integrity checking
option ie ntlmi ... ntlm with signing etc.)
Comment 1 Jeff Layton 2007-08-28 12:16:27 UTC 
Created attachment 176061 [details]
patch -- upstream patch backported to 2.6.18

The upstream patch applied fairly cleanly. Building test kernel with it now.
Comment 2 Jeff Layton 2007-08-28 13:51:27 UTC 
Created attachment 176601 [details]
patch -- fix signing mount options

Previous patch didn't include the change to error out if the signing was
requested but the server didn't support it. This one does. I've given it some
basic unit testing and it works correctly.
Comment 3 Don Howard 2007-08-29 19:29:58 UTC 
A patch for this issue has been included in build 2.6.18-8.1.9.
Comment 6 Red Hat Bugzilla 2007-09-13 09:13:27 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0705.html