Red Hat Bugzilla – Bug 253315
CVE-2007-3843 CIFS signing sec= mount options don't work correctly
Last modified: 2007-11-30 17:07:47 EST
email from Steve French:
CIFS code was changing the wrong global variable for signing (the old
one, used only by dead, soon to be removed, code in
fs/cifs/connect.c). Eventually I need to test ntlm, ntlmv2 etc.
override on command line (with or without the "i" integrity checking
option ie ntlmi ... ntlm with signing etc.)
Created attachment 176061 [details]
patch -- upstream patch backported to 2.6.18
The upstream patch applied fairly cleanly. Building test kernel with it now.
Created attachment 176601 [details]
patch -- fix signing mount options
Previous patch didn't include the change to error out if the signing was
requested but the server didn't support it. This one does. I've given it some
basic unit testing and it works correctly.
A patch for this issue has been included in build 2.6.18-8.1.9.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.