Bug 3850 - Windows 2003 Security Update KB914389 causes mount.cifs to fail
Summary: Windows 2003 Security Update KB914389 causes mount.cifs to fail
Status: RESOLVED WORKSFORME
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: kernel fs (show other bugs)
Version: 2.4
Hardware: x86 Windows XP
: P3 major
Target Milestone: ---
Assignee: Steve French
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-06-21 19:55 UTC by Dennis Oshiba
Modified: 2009-03-07 11:15 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dennis Oshiba 2006-06-21 19:55:22 UTC
Windows 2003 server automatically updated today (6/21/06) with the security update KB914389.  After update was applied, mount.cifs running on linux 2.4 kernel no longer works.  Without this update applied, mount.cifs works as expected.

cifs-1.20c-2.4.tar.gz
Linux Kernel 2.4.31

KB914389 Microsoft Security Bulletin MS06-030
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx

Output from mount.cifs
----------------------
-bash-2.05b# mount.cifs //192.168.1.33/share /mnt/cifs -o user=administrator,p assword=xxxxx 
mount error 22 = Invalid argument 
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
Comment 1 shirishpargaonkar@gmail.com 2006-12-07 03:45:32 UTC
I just applied this security update KB914389 to a Windows 2003 server and attempted a cifs mount from a SLES10 running 2.6.19 and cifs 1.46 and it
succeeded.
Comment 2 Alex Smith 2007-03-06 13:47:59 UTC
Mar  1 09:15:03 fl01 kernel: SELinux: initialized (dev cifs, type cifs), uses genfs_contexts
Mar  1 09:31:49 fl01 kernel:  CIFS VFS: Invalid size SMB length 4 pdu_length 32773
Mar  1 09:31:49 fl01 kernel:  CIFS VFS: No response buffer
Mar  1 09:31:49 fl01 kernel:  CIFS VFS: No response buffer
Mar  1 09:31:49 fl01 kernel:  CIFS VFS: Send error in read = -11
Mar  1 09:31:49 fl01 kernel:  CIFS VFS: Send error in read = -9
Mar  1 09:32:19 fl01 kernel:  CIFS VFS: Invalid size SMB length 4 pdu_length 32773
Mar  1 09:32:20 fl01 kernel:  CIFS VFS: No response buffer
Mar  1 09:32:20 fl01 kernel:  CIFS VFS: Send error in read = -9
Mar  1 09:32:50 fl01 kernel:  CIFS VFS: Invalid size SMB length 4 pdu_length 32773
Mar  1 09:32:50 fl01 kernel:  CIFS VFS: No response buffer
Mar  1 09:32:50 fl01 kernel:  CIFS VFS: Send error in read = -9
Mar  1 09:38:12 fl01 kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Mar  1 09:38:12 fl01 kernel:  printing eip:
Mar  1 09:38:12 fl01 kernel: 00000000
Mar  1 09:38:12 fl01 kernel: *pde = 374a4001
Mar  1 09:38:12 fl01 kernel: Oops: 0010 [#1]
Mar  1 09:38:12 fl01 kernel: SMP
Mar  1 09:38:12 fl01 kernel: Modules linked in: nls_utf8 cifs md5 ipv6 autofs4 button battery ac uhci_hcd ehci_hcd hw_random shpchp e1000(U) dm_snapshot dm_zero dm_mirror ext3 jbd dm_mod ata_piix libata sd_mod scsi_mod
Mar  1 09:38:12 fl01 kernel: CPU:    1
Mar  1 09:38:12 fl01 kernel: EIP:    0060:[<00000000>]    Not tainted VLI
Mar  1 09:38:12 fl01 kernel: EFLAGS: 00010292   (2.6.9-34.0.1.ELsmp)
Mar  1 09:38:12 fl01 kernel: EIP is at 0x0
Mar  1 09:38:12 fl01 kernel: eax: fffffffc   ebx: 0c803500   ecx: c21f5000   edx: 00000000
Mar  1 09:38:12 fl01 kernel: esi: 0a000000   edi: 00000000   ebp: 00000000   esp: f0d6f048
Mar  1 09:38:12 fl01 kernel: ds: 007b   es: 007b   ss: 0068
Mar  1 09:38:12 fl01 kernel: Process cifsd (pid: 22563, threadinfo=f0d6e000 task=ec3bf130)
Mar  1 09:38:12 fl01 kernel: Stack: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Mar  1 09:38:12 fl01 kernel:        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Mar  1 09:38:12 fl01 kernel:        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Mar  1 09:38:12 fl01 kernel: Call Trace:
Mar  1 09:38:12 fl01 kernel:  =======================
Mar  1 09:38:12 fl01 kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000060
Mar  1 09:38:12 fl01 kernel:  printing eip:
Mar  1 09:38:12 fl01 kernel: c0105cb4
Mar  1 09:38:12 fl01 kernel: *pde = 374a4001
Mar  1 09:38:12 fl01 kernel: Oops: 0000 [#2]
Mar  1 09:38:12 fl01 kernel: SMP
Mar  1 09:38:12 fl01 kernel: Modules linked in: nls_utf8 cifs md5 ipv6 autofs4 button battery ac uhci_hcd ehci_hcd hw_random shpchp e1000(U) dm_snapshot dm_zero dm_mirror ext3 jbd dm_mod ata_piix libata sd_mod scsi_mod
Mar  1 09:38:12 fl01 kernel: CPU:    1
Mar  1 09:38:12 fl01 kernel: EIP:    0060:[<c0105cb4>]    Not tainted VLI
Mar  1 09:38:12 fl01 kernel: EFLAGS: 00010097   (2.6.9-34.0.1.ELsmp)
Mar  1 09:38:12 fl01 kernel: EIP is at show_trace+0x11/0x6b
Mar  1 09:38:12 fl01 kernel: eax: 00000ffd   ebx: 00000060   ecx: f0d6eeb4   edx: c02dc41e
Mar  1 09:38:12 fl01 kernel: esi: 00000060   edi: 00000000   ebp: 00000068   esp: f0d6eeb4
Mar  1 09:38:12 fl01 kernel: ds: 007b   es: 007b   ss: 0068
Mar  1 09:38:12 fl01 kernel: Process cifsd (pid: 22563, threadinfo=f0d6e000 task=ec3bf130)
Mar  1 09:38:12 fl01 kernel: Stack: f0d6f0a8 00000018 00000000 c0105d81 c02dc448 f0d6f048 f0d6e000 f0d6f014
Mar  1 09:38:12 fl01 kernel:        00000000 c0105e80 c02dc54b 00000001 f0d6e000 f0d6f014 00000010 c02e3c52
Mar  1 09:38:12 fl01 kernel:        c0106027 f0d6f014 c02e3c52 00000010 000000ff 0000000b c0122781 c02e3bb5
Mar  1 09:38:12 fl01 kernel: Call Trace:
Mar  1 09:38:12 fl01 kernel:  [<c0105d81>] show_stack+0x73/0x79
Mar  1 09:38:12 fl01 kernel:  [<c0105e80>] show_registers+0xe6/0x14d
Mar  1 09:38:12 fl01 kernel:  [<c0106027>] die+0xdb/0x16b
Mar  1 09:38:12 fl01 kernel:  [<c0122781>] vprintk+0x136/0x14a
Mar  1 09:38:12 fl01 kernel:  [<c011ad21>] do_page_fault+0x0/0x5c6
Mar  1 09:38:12 fl01 kernel:  [<c011b111>] do_page_fault+0x3f0/0x5c6
Mar  1 09:38:12 fl01 kernel:  [<c01043d7>] copy_thread+0x29/0x239
Mar  1 09:38:12 fl01 kernel:  [<c0121786>] copy_process+0x9be/0xafb
Mar  1 09:38:12 fl01 kernel:  [<c01219af>] do_fork+0x8e/0x175
Mar  1 09:38:12 fl01 kernel:  [<c0121a8c>] do_fork+0x16b/0x175
Mar  1 09:38:12 fl01 kernel:  [<f8b31732>] cifs_demultiplex_thread+0x0/0x839 [cifs]
Mar  1 09:38:12 fl01 kernel:  [<c0104265>] kernel_thread+0x6a/0x72
Mar  1 09:38:12 fl01 kernel: Code: 3c c0 e8 a4 7d 02 00 89 c3 89 f2 b8 44 1e 32 c0 e8 ad b7 1c 00 89 d8 5b 5e c3 57 56 53 89 d3 89 df 89 de 81 e7 00 f0 ff ff eb 34 <8b> 1e 83 c6 04 89 d8 e8 40 c2 02 00 85 c0 74 24 53 68 13 c4 2d
Mar  1 09:38:12 fl01 kernel:  <0>Fatal exception: panic in 5 seconds

Comment 3 shirishpargaonkar@gmail.com 2009-02-03 17:16:28 UTC
Is this still a problem?  If so, can you please let us know the version 
of cifs module you are using and a dump of the cifs module generated
using command objdump -drS?
Comment 4 Steve French 2009-03-07 11:15:31 UTC
Please reopen this if the problem recurs but we do not expect you to see this problem in any reasonably recent cifs build.