---

Linux-Mandrake Security Update Advisory: Mandrake not vulnerable to pam_smb

Date: Tue, 12 Sep 2000 12:16:47 -0600
From: Linux Mandrake Security Team [email protected]

To: [email protected]
Subject: MDKSA-2000:047 – Linux Mandrake not vulnerable to pam_smb


                Linux-Mandrake Security Update Advisory


Package name:           pam_smb and pam_ntdom
Date:                   September 12th, 2000
Advisory ID:            MDKSA-2000:047

Affected versions:      None

Problem Description:

A bug exists in two PAM modules: pam_smb and pam_ntdom. They are
pluggable authentication modules that allow authentication of
usernames and passwords in PAM-compatible environments against
Windows and Samba. Both modules contain remotely exploitable stack
buffer overflows. This bug allows an attacker to execute arbitrary
code as root. The versions affected are: pam_smb < 1.1.6 and
pam_ntdom < 0.24.


Linux-Mandrake does not ship with either the pam_smb or
pam_ntdom modules and is therefore not vulnerable to this exploit.
Linux-Mandrake users who have installed either module on their own
are encouraged to upgrade to the latest versions available:

pam_smb 1.1.6 at ftp://ftp.samba.org/pub/samba/pam_smb/

pam_ntdom 0.24 at http://cb1.com/~lkcl/pam-ntdom/
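
A local check for the upgrade advice above, as an added example that is not part of the original advisory: it lists the PAM service files that load either module and compares a version you supply against the fixed releases named above. The function names are illustrative, and the installed version has to be determined by the administrator (for instance from the source tarball that was built).

```shell
#!/bin/sh
# Added example (not from the advisory). Paths and versions passed in are
# the administrator's own; nothing here is Linux-Mandrake tooling.

# Print "service:module" for each PAM service file in a directory that
# loads a module whose name starts with pam_smb or pam_ntdom.
find_pam_refs() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v name="${f##*/}" '
            { sub(/#.*/, "") }   # drop comments: disabled entries do not count
            match($0, /pam_(smb|ntdom)[A-Za-z0-9_]*/) {
                print name ":" substr($0, RSTART, RLENGTH)
            }' "$f"
    done | sort -u
}

# True (exit 0) when dotted version $1 is strictly older than $2.
# Fields are compared numerically, so 0.9 is older than 0.24.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Fixed release for a module, as stated in the advisory.
fixed_version() {
    case $1 in
        pam_smb*)   echo 1.1.6 ;;
        pam_ntdom*) echo 0.24 ;;
        *)          return 1 ;;
    esac
}

# check_module MODULE VERSION -> prints vulnerable | ok | unknown
check_module() {
    fixed=$(fixed_version "$1") || { echo unknown; return 2; }
    if version_lt "$2" "$fixed"; then echo vulnerable; else echo ok; fi
}

# Stand-alone run: list references in the given directory (default /etc/pam.d).
find_pam_refs "${1:-/etc/pam.d}"
```

A service file that appears in the output is still using the module for authentication, so removing the package without editing that file can lock users out of the service.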


You can view other security advisories for Linux-Mandrake
at:

http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

[email protected]


Linux-Mandrake has two security-related mailing list services
that anyone can subscribe to:

[email protected]

Linux-Mandrake’s security announcements mailing list. Only
announcements are sent to this list and it is read-only.

[email protected]

Linux-Mandrake’s security discussion mailing list. This list is
open to anyone to discuss Linux-Mandrake security specifically and
Linux security in general.

To subscribe to either list, send a message to [email protected] with
“subscribe [listname]” in the body of the message.

To remove yourself from either list, send a message to [email protected] with
“unsubscribe [listname]” in the body of the message.

To get more information on either list, send a message to
[email protected] with
“info [listname]” in the body of the message.

Optionally, you can use the web interface to subscribe to or
unsubscribe from either list:

http://www.linux-mandrake.com/en/flists.php3#security