[16722] in bugtraq
Conectiva Linux Security Announcement - pam_smb
daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)
Tue Sep 12 00:19:41 2000
Message-ID: <200009112153.SAA03616@distro.conectiva.com.br>
Date: Mon, 11 Sep 2000 18:53:47 -0300
Reply-To: secure@CONECTIVA.COM.BR
From: secure@CONECTIVA.COM.BR
X-To: lwn@lwn.net, security-alert@linuxsecurity.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : pam_smb
SUMMARY : Buffer overflow
DATE : 2000-09-11 18:53:00
RELEVANT RELEASES : 5.1
----------------------------------------------------------------------
DESCRIPTION
There is a buffer overflow in pam_smb versions 1.1.5 and below that
could be exploited to gain root privileges. This package is not used
by default in Conectiva Linux, but it is part of the distribution.
Remote root access could be gained if a vulnerable pam_smb were to be
used to authenticate users in remote services, such as ssh, telnet
and others.
SOLUTION
All pam_smb users should upgrade immediately.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
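
Added example, not part of the Conectiva announcement: a shell audit that lists which PAM services load pam_smb and flags them when the installed version is older than the fixed 1.1.6 package. It assumes the module file is named pam_smb_auth.so, that services are configured in a pam.d-style directory, and that version strings are dotted integers; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Assumptions (not from the advisory): module file name pam_smb_auth.so,
# a pam.d-style directory of per-service files, dotted-integer versions.
FIXED_VERSION=1.1.6   # version of the updated packages named in the advisory

# Succeeds when dotted version $1 is lower than $2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print service files in directory $1 with an active line loading pam_smb_auth.
services_using_pam_smb() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # PAM comments run from '#' to end of line; drop them before matching.
        if sed 's/#.*//' "$f" | grep -q 'pam_smb_auth'; then
            basename "$f"
        fi
    done
}

# $1 = pam.d directory, $2 = installed pam_smb version (no release suffix).
audit_pam_smb() {
    if version_lt "$2" "$FIXED_VERSION"; then state=VULNERABLE; else state=fixed; fi
    for svc in $(services_using_pam_smb "$1"); do
        echo "$svc uses pam_smb $2: $state"
    done
}

# Constructed sample directory standing in for /etc/pam.d.
demo=$(mktemp -d)
printf 'auth required /lib/security/pam_smb_auth.so\n' > "$demo/sshd"
printf '#auth required /lib/security/pam_smb_auth.so\nauth required /lib/security/pam_pwdb.so\n' > "$demo/login"
audit_pam_smb "$demo" 1.1.5
rm -rf "$demo"
# On a live RPM system:
#   audit_pam_smb /etc/pam.d "$(rpm -q --qf '%{VERSION}' pam_smb)"
```

Any remote-facing service reported as VULNERABLE (sshd in the constructed sample) is where the upgrade matters most.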