Bug#426002: (forw) Re: Bug#426002: Bug#425680: samba: The security fix for CVE-2007-2446 broke Samba

Sun, 27 May 2007 22:28:01 -0700 

Sigh.

I suspect that #426002 could be another bug.....or something specific
in our user's setup

----- Forwarded message from "Jose L. Fernandez Jambrina" <[EMAIL PROTECTED]> 
-----

Date: Sun, 27 May 2007 20:08:55 +0200 (CEST)
Subject: Re: Bug#426002: Bug#425680: samba: The security fix for 
     CVE-2007-2446 broke Samba
From: "Jose L. Fernandez Jambrina" <[EMAIL PROTECTED]>
To: Christian Perrier <[EMAIL PROTECTED]>
X-CRM114-Status: Good  ( pR: 999.99  )

El Dom, 27 de Mayo de 2007, 7:56 am, Christian Perrier escribió:
>> Hi,
>>   I tested it with the exception of samba_3.0.24-6etch3_i386.deb because
>> it depends on libgnutls11 that doesn't exist in etch3.
>
>
> In order to test the packages anyway, you need to add a sources.list
> for sarge in /etc/apt/sources.list:
>
> #  Sarge
> deb http://ftp.debian.org/debian sarge main
>
>
> This way, you can "aptitude install libgnutls11" before installing the
> test packages and they'll work.
>

Hi,
  I tested again with samba_3.0.24-6etch3_i386.deb installed as you
proposed, with the same results

Some users are authenticated:

c411b:~# wbinfo -a LANGROUP\\jambrina%-------
plaintext password authentication succeeded
challenge/response password authentication succeeded

Other no:

c411b:~# wbinfo -a LANGROUP\\lmguest%--------
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user LANGROUP\lmguest%-------- with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user LANGROUP\lmguest with challenge/response

But even in this case bad password are detected in some way:

c411b:~# wbinfo -a LANGROUP\\lmguest%------
plaintext password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user LANGROUP\lmguest%------ with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user LANGROUP\lmguest with challenge/response

So as long as it affects me, the bug is not solved

I would try version 3.0.25-1+b1 but it seems that it will take long to
have it in testing, and it seems cumbersome to move to experimental: now
i'm stable. :(



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



 ** CRM114 Whitelisted by: [EMAIL PROTECTED] **

----- End forwarded message -----

--

Attachment: signature.asc
Description: Digital signature

Reply via email to