Bug 6798 - need help triaging CVE-2009-2813 in debian
Summary: need help triaging CVE-2009-2813 in debian
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: unspecified
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Derrell Lipman
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-10-09 17:33 UTC by Michael Gilbert
Modified: 2009-10-15 08:09 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Gilbert 2009-10-09 17:33:03 UTC
hi,

i am triaging security issues in debian.  CVE-2009-2813 was issued for samba, but from the text [0], it appears to be mac-specific; however, there is not enough information to confirm or negate this.  can you confirm that this is a mac-only issue or provide links to patches/information?  if you need to reply to the private list, you can send a message to security@debian.org.  thanks.

[0] http://support.apple.com/kb/HT3865
Comment 1 Jeremy Allison 2009-10-09 17:48:45 UTC
Apple discovered the problem, and got the CVS number and issued their own patch for it. It was only later that they notified samba.org that generic Samba may be vulnerable. Yes if /etc/passwd is misconfigured then the same problem could be seen on debian. An administrator would have to explicitly do this however.
Jeremy.
Comment 2 Michael Gilbert 2009-10-09 17:53:34 UTC
(In reply to comment #1)
> Apple discovered the problem, and got the CVS number and issued their own patch
> for it. It was only later that they notified samba.org that generic Samba may
> be vulnerable. Yes if /etc/passwd is misconfigured then the same problem could
> be seen on debian. An administrator would have to explicitly do this however.
> Jeremy.

thanks for the quick response.
Comment 3 Karolin Seeger 2009-10-15 08:09:05 UTC
I think we can close this one, right?
Please re-open if it's still an issue.

Thanks!