Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Conectiva Linux Security Announcement - pam_smb

Sep 12, 2000, 05:46 (0 Talkback[s])

Date: Mon, 11 Sep 2000 18:53:47 -0300
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Conectiva Linux Security Announcement - pam_smb


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE   : pam_smb
SUMMARY   : Buffer overflow
DATE      : 2000-09-11 18:53:00
RELEVANT
RELEASES  : 5.1

DESCRIPTION
There is a buffer overflow in pam_smb versions 1.1.5 and below that could be exploited to gain root privileges. This package is not used by default in Conectiva Linux, but it is part of the distribution. Remote root access could be gained if a vulnerable pam_smb were to be used to authenticate users in remote services, such as ssh, telnet and others.

SOLUTION All pam_smb users should upgrade immediately.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm


All packages are signed with Conectiva's GPG key. The key can be obtained at
http://www.conectiva.com.br/contato


subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br