Apache 2.4.41 corrupts files from samba share
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Debian |
Fix Released
|
Unknown
|
|||
apache2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
Triaged
|
Undecided
|
Unassigned | ||
samba (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Wenn I serve a samba share with apache 2.4.41 on Ubuntu 20.04 then some files have a corrupt header during transmission. It seems that the first few bytes of the headers are truncated and sometimes other bytes of the download are not belonging to the file.
A workaround I found that works is to set "EnableMMAP Off" in the apache config.
See other bug reports like this:
https:/
https:/
This is most probably not a bug in Ubuntu itself but I am reporting it here since I assume that a data corruption bug is seen as critical.
I am also marking it as a security vulnerability since it seems that wrong parts of memory get exposed during file download. I don't know how random the exposed memory is and if it potentially could expose e.g. secrets.
Please feel free to remove the security vulnerability flag if your assessment leads to a different conclusion.
CVE References
information type: | Private Security → Public Security |
Changed in apache2 (Ubuntu): | |
status: | New → Confirmed |
Changed in samba (Ubuntu): | |
status: | New → Confirmed |
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
Changed in debian: | |
status: | Unknown → Confirmed |
Changed in linux (Ubuntu): | |
status: | Confirmed → Incomplete |
Changed in samba (Ubuntu): | |
status: | Confirmed → Incomplete |
Changed in debian: | |
status: | Confirmed → Fix Released |
I've added a few more packages to the bug; nothing in the various links suggested to me that anyone has yet identified where the fault lies.
Thanks