[kernel] r6593 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Wed May 17 17:28:17 UTC 2006
Author: dannf
Date: Wed May 17 17:28:16 2006
New Revision: 6593
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cifs-chroot-escape.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
Log:
* smbfs-chroot-escape.dpatch
[SECURITY] Fix directory traversal vulnerability in smbfs that permits
local users to escape chroot restrictions
See CVE-2006-1863
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Wed May 17 17:28:16 2006
@@ -24,8 +24,12 @@
[SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
an incorrect 'noreturn' attribute on die_if_kernel()
See CVE-2006-0742
+ * smbfs-chroot-escape.dpatch
+ [SECURITY] Fix directory traversal vulnerability in smbfs that permits
+ local users to escape chroot restrictions
+ See CVE-2006-1863
- -- dann frazier <dannf at debian.org> Wed, 17 May 2006 01:00:29 -0500
+ -- dann frazier <dannf at debian.org> Wed, 17 May 2006 12:26:48 -0500
kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cifs-chroot-escape.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cifs-chroot-escape.dpatch Wed May 17 17:28:16 2006
@@ -0,0 +1,38 @@
+From: Steve French <sfrench at us.ibm.com>
+Date: Fri, 21 Apr 2006 18:18:37 +0000 (+0000)
+Subject: [CIFS] Don't allow a backslash in a path component
+X-Git-Tag: v2.6.17-rc3
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=296034f7de8bdf111984ce1630ac598a9c94a253
+
+[CIFS] Don't allow a backslash in a path component
+
+Unless Posix paths have been negotiated, the backslash, "\", is not a valid
+character in a path component.
+
+Signed-off-by: Dave Kleikamp <shaggy at austin.ibm.com>
+Signed-off-by: Steve French <sfrench at us.ibm.com>
+---
+
+--- a/fs/cifs/dir.c
++++ b/fs/cifs/dir.c
+@@ -436,6 +436,20 @@ cifs_lookup(struct inode *parent_dir_ino
+ cifs_sb = CIFS_SB(parent_dir_inode->i_sb);
+ pTcon = cifs_sb->tcon;
+
++ /*
++ * Don't allow the separator character in a path component.
++ * The VFS will not allow "/", but "\" is allowed by posix.
++ */
++ if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS)) {
++ int i;
++ for (i = 0; i < direntry->d_name.len; i++)
++ if (direntry->d_name.name[i] == '\\') {
++ cFYI(1, ("Invalid file name"));
++ FreeXid(xid);
++ return ERR_PTR(-EINVAL);
++ }
++ }
++
+ /* can not grab the rename sem here since it would
+ deadlock in the cases (beginning of sys_rename itself)
+ in which we already have the sb rename sem */
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 Wed May 17 17:28:16 2006
@@ -5,3 +5,4 @@
+ smbfs-chroot-escape.dpatch
+ perfmon-exit-race.dpatch
+ ia64-die_if_kernel-returns.dpatch
++ cifs-chroot-escape.dpatch
More information about the Kernel-svn-changes
mailing list