Bug 253315 - CVE-2007-3843 CIFS signing sec= mount options don't work correctly
Summary: CVE-2007-3843 CIFS signing sec= mount options don't work correctly
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 5.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Jeff Layton
QA Contact: Martin Jenner
Whiteboard: impact=low,source=redhat,reported=200...
Keywords: Security
Depends On:
Blocks: CVE-2007-3843
TreeView+ depends on / blocked
Reported: 2007-08-17 20:08 UTC by Marcel Holtmann
Modified: 2007-11-30 22:07 UTC (History)
5 users (show)

Fixed In Version: RHSA-2007-0705
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-13 09:13:27 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch -- upstream patch backported to 2.6.18 (4.17 KB, patch)
2007-08-28 12:16 UTC, Jeff Layton
no flags Details | Diff
patch -- fix signing mount options (4.19 KB, patch)
2007-08-28 13:51 UTC, Jeff Layton
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0705 normal SHIPPED_LIVE Important: kernel security update 2007-09-13 09:21:22 UTC

Description Marcel Holtmann 2007-08-17 20:08:10 UTC
email from Steve French:

CIFS code was changing the wrong global variable for signing (the old
one, used only by dead, soon to be removed, code in
fs/cifs/connect.c).  Eventually I need to test ntlm, ntlmv2 etc.
override on command line (with or without the "i" integrity checking
option ie ntlmi ... ntlm with signing etc.)

Comment 1 Jeff Layton 2007-08-28 12:16:27 UTC
Created attachment 176061 [details]
patch -- upstream patch backported to 2.6.18

The upstream patch applied fairly cleanly. Building test kernel with it now.

Comment 2 Jeff Layton 2007-08-28 13:51:27 UTC
Created attachment 176601 [details]
patch -- fix signing mount options

Previous patch didn't include the change to error out if the signing was
requested but the server didn't support it. This one does. I've given it some
basic unit testing and it works correctly.

Comment 3 Don Howard 2007-08-29 19:29:58 UTC
A patch for this issue has been included in build 2.6.18-8.1.9.

Comment 6 Red Hat Bugzilla 2007-09-13 09:13:27 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.