SuSE Security Announcement: Package: pam_smbSep 13, 2000, 18:41 (0 Talkback[s])
(Other stories by Roman Drahtmueller)
Date: Wed, 13 Sep 2000 18:06:29 +0200 (MEST)
SuSE Security Announcement Package: pam_smb Date: Wednesday, September 13th, 2000 18:00 MEST Affected SuSE versions: 6.2, 6.3, 6.4, 7.0 Vulnerability Type: remote root compromise Severity (1-10): 8 SuSE default package: no Other affected systems: Linux systems using the pam_smb module Content of this advisory: 1) security vulnerability resolved: pam_smb problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade information
pam_smb is a package for a PAM (Pluggable Authentication Modules) module that allows Linux/Unix user authentication using a Windows NT server. Versions 1.1.5 and before contain a buffer overflow that would allow a remote attacker to gain root access on the target host, provided that the target host has the module installed and configured. The bug was found by Shaun Clowes email@example.com, and a new, fixed version of the package was promptly published by Dave Airlie , the author of the pam_smb package.
SuSE distributions starting with SuSE-6.2 have the package pam_smb installed if a network server installation configuration has been selected or if the package has been selected manually. To find out if the PAM module is installed, use the command `rpm -q pam_smb'. If the module package is not installed, your host does not exhibit the weakness. If you do not use the pam_smb module, you can safely remove it using the command `rpm -e pam_smb'. SuSE provides update packages with the latest version of pam_smb. If you do use the module, you should upgrade the package as soon as possible. There is currently no easy workaround for this problem other than a package upgrade.
Download the update package from locations desribed below and install the package with the command `rpm -Fhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below.
i386 Intel Platform:
AXP Alpha Platform:
PPC Power PC Platform:
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
Zope is contained in SuSE-7.0, i386 Intel and Sparc Platforms only. A permission problem can lead to users given extra roles for the duration of a single request by mutating the roles list as a part of the request processing. Please update the package from our ftp server using the commands as described above in section 1).
Considering the moderate severity of the problem and the noise on the security mailing lists, we do not provide a seperate security advisory to address this problem.
i386 Intel Platform:
The xchat IRC client may be tricked to execute arbitrary commands if the user clicks on an URL. We will provide an update package shortly. Please note that this kind of problem is rather common and will be addressed soon in a future advisory for another package.
IMP is a webmail application to allow users to read and write their email in a browser. Security problems have been found that would allow attackers to run arbitrary commands on the webserver running IMP. SuSE does not ship IMP or the Apache module "horde" that IMP is based on.
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may subscribe:
SuSE's security contact is firstname.lastname@example.org.
- - | Roman Drahtmüller email@example.com // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -