---

Conectiva Linux Security Announcement – pam_smb

Date: Mon, 11 Sep 2000 18:53:47 -0300
From: [email protected]
To: [email protected]
Subject: Conectiva Linux Security Announcement – pam_smb


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE   : pam_smb
SUMMARY   : Buffer overflow
DATE      : 2000-09-11 18:53:00
RELEVANT
RELEASES  : 5.1

DESCRIPTION
There is a buffer overflow in pam_smb versions 1.1.5 and below that
could be exploited to gain root privileges. This package is not
used by default in Conectiva Linux, but it is part of the
distribution. Remote root access could be gained if a vulnerable
pam_smb were to be used to authenticate users in remote services,
such as ssh, telnet and others.

SOLUTION All pam_smb users should upgrade immediately.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm


ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm


All packages are signed with Conectiva’s GPG key. The key can be
obtained at
http://www.conectiva.com.br/contato


subscribe: [email protected]

unsubscribe: [email protected]