Apache 2.4.41 corrupts files from samba share

Bug #1930921 reported by Fabian on 2021-06-04
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Undecided
Unassigned
linux (Ubuntu)
Undecided
Unassigned
samba (Ubuntu)
Undecided
Unassigned

Bug Description

Wenn I serve a samba share with apache 2.4.41 on Ubuntu 20.04 then some files have a corrupt header during transmission. It seems that the first few bytes of the headers are truncated and sometimes other bytes of the download are not belonging to the file.

A workaround I found that works is to set "EnableMMAP Off" in the apache config.

See other bug reports like this:

https://serverfault.com/questions/1044724/apache2-sends-corrupt-responses-when-using-a-cifs-share
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900821

This is most probably not a bug in Ubuntu itself but I am reporting it here since I assume that a data corruption bug is seen as critical.

I am also marking it as a security vulnerability since it seems that wrong parts of memory get exposed during file download. I don't know how random the exposed memory is and if it potentially could expose e.g. secrets.
Please feel free to remove the security vulnerability flag if your assessment leads to a different conclusion.

Revision history for this message
Fabian (fsturm) wrote :
information type: Private Security → Public Security
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I've added a few more packages to the bug; nothing in the various links suggested to me that anyone has yet identified where the fault lies.

Thanks

Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I'll leave any security assessment and security-based prioritisation for the security team.

From a non-security perspective, I think this is of low priority since it only affects an unusual end-user configuration that is likely to affect only a very small minority of users. Feel free to continue to use this bug to track the problem, but I do not expect anyone else to spend time looking into this soon.

Steve Beattie (sbeattie) on 2021-06-08
Changed in apache2 (Ubuntu):
status: New → Confirmed
Changed in samba (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers