Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Gentoo: 200309-01 Critical: pam_smb Remote Buffer Overflow Exploit

gentoo
Calendar Grey September 1, 2003
Dist Gentoo Esm H88
Gentoo Linux notification concerning potential threats in pam_smb buffer overflow vulnerability. Prompt measures advised to ensure system security. Update without delay!
If a long password is supplied, this can cause a buffer overflow whichcould be exploited to execute arbitrary code with the privileges of theprocess which invokes PAM services.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-01
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
quote from Debian DSA-374-1:
"If a long password is supplied, this can cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the process which invokes PAM services."
SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/pam_smb upgrade to pam_smb-2.0.0_rc5 as follows
emerge sync emerge pam_smb emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------


Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

� � � � � PACKAGE : pam_smb
� � � � � SUMMARY : buffer overflow
� � � � � � �DATE : 2003-09-01 12:12 UTC
� � � � � EXPLOIT : remote
VERSIONS AFFECTED : =pam_smb-2.0.0_rc5
� � � � � � � CVE : CAN-2003-0686

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround