Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Gentoo: GLSA-202308-15 Normal: Samba Security Risk Detected

gentoo
Calendar Grey December 4, 2016
Dist Gentoo Esm H88
A warning has been issued for a critical buffer overflow vulnerability in LinuxCIFS utilities that may allow remote exploitation. An upgrade is recommended
A vulnerability in LinuxCIFS utils' "cifscreds" PAM module might allow remote attackers to have an unspecified impact via unknown vectors.

Summary

A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c in LinuxCIFS, as used in "pam_cifscreds."

Topics%20covered

Topics Covered

security advisory gentoo buffer overflow normal linuxcifs

Resolution

All LinuxCIFS utils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.4"

References

[ 1 ] CVE-2014-2830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2830

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-08
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: LinuxCIFS utils: Buffer overflow
Date: December 04, 2016
Bugs: #552634
ID: 201612-08

Topics%20covered

Topics Covered

security advisory gentoo buffer overflow normal linuxcifs

Synopsis

A vulnerability in LinuxCIFS utils' "cifscreds" PAM module might allow remote attackers to have an unspecified impact via unknown vectors.

Background

The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/cifs-utils < 6.4 >= 6.4

Impact

===== A remote attacker could exploit this vulnerability to cause an unspecified impact.

Workaround

Don't use LinuxCIFS utils' "cifscreds" PAM module. In Gentoo, LinuxCIFS utils' PAM support is disabled by default unless the "pam" USE flag is enabled.

Related News

Your message here