View Issue Details

IDProjectCategoryView StatusLast Update
0007188Kali Linux[All Projects] Kali Package Bugpublic2021-07-22 02:56
Reporterbugreporter4us Assigned To 
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0007188: cifs-utils version 2:6.11-3 breaks krb5 mounts
DescriptionThis morning after updating against the mirror, cifs-utils was upgraded from 2:6.11-1 to 2:6.11-3. Following this upgrade, my mount for a SMB3 share using krb5i authentication failed. This was reproduced by one other person after updating.

I enabled debuging in my krb5 conf and these are the following results:
key description: cifs.spnego;0;0;39010000;ver=0x2;host=REDACTED;ip4=REDACTED;sec=krb5;uid=0x3e8;creduid=0x0;user=REDACTED;pid=0x2778
May 12 09:23:47 [HOSTNAME] cifs.upcall: ver=2
May 12 09:23:47 [HOSTNAME] cifs.upcall: host=REDACTED
May 12 09:23:47 [HOSTNAME] cifs.upcall: ip=REDACTED
May 12 09:23:47 [HOSTNAME] cifs.upcall: sec=1
May 12 09:23:47 [HOSTNAME] cifs.upcall: uid=1000
May 12 09:23:47 [HOSTNAME] cifs.upcall: creduid=0
May 12 09:23:47 [HOSTNAME] cifs.upcall: user=REDACTED
May 12 09:23:47 [HOSTNAME] cifs.upcall: pid=10104
May 12 09:23:47 [HOSTNAME] cifs.upcall: get_cachename_from_process_env: pid == 0
May 12 09:23:47 [HOSTNAME] cifs.upcall: switch_to_process_ns: setns() failed for cgroup
May 12 09:23:47 [HOSTNAME] cifs.upcall: Exit status 1

This is verified as a problem with cifs-utils vs krb5 by a successful service ticket request using kvno. The mount just does not work.
Steps To ReproduceRequest a TGT against a KDC
Attempt to mount a CIFS share referencing that TGT with krb5i authentication
`mount --verbose -t smb3 //FILESHARE/Folder /mnt/fileshare -o user='USER',sec=krb5i,uid=1000,gid=1000`
Observe failure.
To localize the fault, attempt to request a service ticket directly with krb5 and observe the success.
Additional InformationIt appears that this package has not yet hit the berkeley repo. I updated from



2021-05-12 17:26

reporter   ~0014545

I was wrong about the berkeley repo. Package appears everywhere.


2021-05-14 23:50

reporter   ~0014548

I think likely this is the same issue reported on a newer version on Arch. I imagine the same patch was applied to mitigate CVE 2021-20208
See here for details:


2021-05-17 16:27

administrator   ~0014561

This should really be reported to Debian since we are integrating the package straight from Debian. I don't see any report yet in;dist=unstable;ordering=normal;repeatmerged=0;src=cifs-utils so the report would certainly help. In particular since you pinpointed the regression to a security update.


2021-05-26 23:59

reporter   ~0014590

The relevant Debian bug report is:


2021-06-18 15:22

reporter   ~0014716

As of last night the debian bug has been updated with a fixed package. The update is available in the previously mentioned link. Additionally, the merge request for the package is here:


2021-07-16 08:44

manager   ~0014927

No-one merged this patch in Debian yet unfortunately:


2021-07-19 15:55

reporter   ~0014938

Yeah, I've been trying to keep tabs on it. Seems like a large issue that's going entirely untouched. Is there anything we can do in the Kali community to push this forward? As I understand it the fix is there and ready, just needs to be merged...


2021-07-22 02:56

manager   ~0014943

Not much we can do I'm afraid...

Issue History

Date Modified Username Field Change
2021-05-12 16:34 bugreporter4us New Issue
2021-05-12 17:26 bugreporter4us Note Added: 0014545
2021-05-14 23:50 bugreporter4us Note Added: 0014548
2021-05-17 16:27 rhertzog Note Added: 0014561
2021-05-26 23:59 bugreporter4us Note Added: 0014590
2021-06-18 15:22 bugreporter4us Note Added: 0014716
2021-06-30 08:49 g0tmi1k Priority high => normal
2021-07-16 08:44 arnaudr Note Added: 0014927
2021-07-19 15:55 bugreporter4us Note Added: 0014938
2021-07-22 02:56 arnaudr Note Added: 0014943