Linux-Mandrake Security Update Advisory: Mandrake not vulnerable to pam_smb
Sep 12, 2000, 20:03 (0 Talkback[s])
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
Date: Tue, 12 Sep 2000 12:16:47 -0600
From: Linux Mandrake Security Team security@LINUX-MANDRAKE.COM
Subject: MDKSA-2000:047 - Linux Mandrake not vulnerable to
Linux-Mandrake Security Update Advisory
Package name: pam_smb and pam_ntdom
Date: September 12th, 2000
Advisory ID: MDKSA-2000:047
Affected versions: None
A bug exists in two PAM modules: pam_smb and pam_ntdom. They are
pluggable authentication modules that allow authentication of
usernames and passwords in PAM-compatible environments against
Windows and Samba. Both modules contain remotely exploitable stack
buffer overflows. This bug allows an attacker to execute arbitary
code as root. The versions affected are: pam_smb < 1.1.6 and
pam_ntdom < 0.24.
Linux-Mandrake does not ship with either the pam_smb or
pam_ntdom modules and is therefore not vulnerable to this exploit.
Linux-Mandrake users who have installed this package on their own
are encouraged to upgrade to the latest versions available:
pam_smb 1.1.6 at ftp://ftp.samba.org/pub/samba/pam_smb/
pam_ntdom 0.24 at http://cb1.com/~lkcl/pam-ntdom/
You can view other security advisories for Linux-Mandrake
If you want to report vulnerabilities, please contact
Linux-Mandrake has two security-related mailing list services
that anyone can subscribe to:
Linux-Mandrake's security announcements mailing list. Only
announcements are sent to this list and it is read-only.
Linux-Mandrake's security discussion mailing list. This list is
open to anyone to discuss Linux-Mandrake security specifically and
Linux security in general.
To subscribe to either list, send a message to email@example.com with
"subscribe [listname]" in the body of the message.
To remove yourself from either list, send a message to firstname.lastname@example.org with
"unsubscribe [listname]" in the body of the message.
To get more information on either list, send a message to
"info [listname]" in the body of the message.
Optionally, you can use the web interface to subscribe to or
unsubscribe from either list: