Linux Today: Linux News On Internet Time.






Linux-Mandrake Security Update Advisory: Mandrake not vulnerable to pam_smb

Sep 12, 2000, 20:03


Date: Tue, 12 Sep 2000 12:16:47 -0600
From: Linux Mandrake Security Team security@LINUX-MANDRAKE.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: MDKSA-2000:047 - Linux Mandrake not vulnerable to pam_smb


                Linux-Mandrake Security Update Advisory



Package name:           pam_smb and pam_ntdom
Date:                   September 12th, 2000
Advisory ID:            MDKSA-2000:047

Affected versions:      None

Problem Description:

A bug exists in two PAM modules: pam_smb and pam_ntdom. They are pluggable authentication modules that allow authentication of usernames and passwords in PAM-compatible environments against Windows and Samba. Both modules contain remotely exploitable stack buffer overflows. This bug allows an attacker to execute arbitrary code as root. The versions affected are: pam_smb < 1.1.6 and pam_ntdom < 0.24.


Linux-Mandrake does not ship with either the pam_smb or pam_ntdom modules and is therefore not vulnerable to this exploit. Linux-Mandrake users who have installed this package on their own are encouraged to upgrade to the latest versions available:

pam_smb 1.1.6 at ftp://ftp.samba.org/pub/samba/pam_smb/
pam_ntdom 0.24 at http://cb1.com/~lkcl/pam-ntdom/


You can view other security advisories for Linux-Mandrake at:

http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

security@linux-mandrake.com


Linux-Mandrake has two security-related mailing list services that anyone can subscribe to:

security-announce@linux-mandrake.com

Linux-Mandrake's security announcements mailing list. Only announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

Linux-Mandrake's security discussion mailing list. This list is open to anyone to discuss Linux-Mandrake security specifically and Linux security in general.

To subscribe to either list, send a message to sympa@linux-mandrake.com with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to sympa@linux-mandrake.com with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to sympa@linux-mandrake.com with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe from either list:

http://www.linux-mandrake.com/en/flists.php3#security
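
A check an administrator could run for the case the advisory describes, a self-installed pam_smb or pam_ntdom: it compares an installed version against the fixed versions above and lists PAM configuration lines that still load either module. This is an added example, not part of the advisory; the use of RPM package names, the `/etc/pam.d` location and the function names are assumptions.

```shell
#!/bin/sh
# Fixed versions are taken from MDKSA-2000:047.
FIXED_PAM_SMB="1.1.6"
FIXED_PAM_NTDOM="0.24"

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# status MODULE VERSION: classify a version against the advisory's thresholds.
status() {
    case "$1" in
        pam_smb)   fixed=$FIXED_PAM_SMB ;;
        pam_ntdom) fixed=$FIXED_PAM_NTDOM ;;
        *) echo "unknown"; return 2 ;;
    esac
    if version_lt "$2" "$fixed"; then echo "vulnerable"; else echo "fixed"; fi
}

# pam_refs DIR: print file:line:text for each PAM config line under DIR that
# names pam_smb or pam_ntdom before any '#', so commented-out entries are skipped.
pam_refs() {
    grep -rnE '^[^#]*pam_(smb|ntdom)' "$1" 2>/dev/null
}

# audit_host [DIR]: report on the local machine. Assumes the modules were
# installed as RPMs named as in the advisory and that PAM reads DIR.
audit_host() {
    for pkg in pam_smb pam_ntdom; do
        ver=$(rpm -q --qf '%{VERSION}' "$pkg" 2>/dev/null) || continue
        echo "$pkg $ver: $(status "$pkg" "$ver")"
    done
    pam_refs "${1:-/etc/pam.d}" || echo "no active pam_smb/pam_ntdom entries"
}

if [ "${1:-}" = "--audit" ]; then audit_host "${2:-/etc/pam.d}"; fi
```

Run it with `--audit` to report on the local host; a module built from source will not appear in the RPM query, so the PAM configuration scan is the part that still applies.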