[kernel] r6581 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Wed May 17 03:48:33 UTC 2006

Author: dannf
Date: Wed May 17 03:48:32 2006
New Revision: 6581

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/smbfs-chroot-escape.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* smbfs-chroot-escape.dpatch
  [SECURITY] Fix directory traversal vulnerability in smbfs that permits
  local users to escape chroot restrictions
  See CVE-2006-1864

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================

--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Wed May 17 03:48:32 2006
@@ -12,8 +12,12 @@
     [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
     get_nodes() to prevent a local DoS vulnerability.
     See CVE-2006-0557
+  * smbfs-chroot-escape.dpatch
+    [SECURITY] Fix directory traversal vulnerability in smbfs that permits
+    local users to escape chroot restrictions
+    See CVE-2006-1864
 
- -- dann frazier <dannf at debian.org>  Tue, 16 May 2006 19:28:02 -0500
+ -- dann frazier <dannf at debian.org>  Tue, 16 May 2006 22:46:36 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Wed May 17 03:48:32 2006
@@ -2,3 +2,4 @@
 + net-protocol-mod-refcounts.dpatch
 + netfilter-do_replace-overflow.dpatch
 + sys_mbind-sanity-checking.dpatch
++ smbfs-chroot-escape.dpatch

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/smbfs-chroot-escape.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/smbfs-chroot-escape.dpatch	Wed May 17 03:48:32 2006
@@ -0,0 +1,14 @@
+--- kernel-source-2.6.8-2.6.8/fs/smbfs/dir.c.orig	2006-03-02 20:13:02.000000000 +0100
++++ kernel-source-2.6.8-2.6.8/fs/smbfs/dir.c	2006-05-16 22:27:33.000000000 +0200
+@@ -431,6 +431,11 @@
+ 	if (dentry->d_name.len > SMB_MAXNAMELEN)
+ 		goto out;
+ 
++        /* Do not allow lookup of names with backslashes in */
++        error = -EINVAL;
++        if (memchr(dentry->d_name.name, '\\', dentry->d_name.len))
++                goto out;
++ 
+ 	lock_kernel();
+ 	error = smb_proc_getattr(dentry, &finfo);
+ #ifdef SMBFS_PARANOIA

