Date: Mon, 11 Sep 2000 18:53:47 -0300
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Conectiva Linux Security Announcement – pam_smb
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : pam_smb
SUMMARY : Buffer overflow
DATE : 2000-09-11 18:53:00
RELEVANT RELEASES : 5.1
DESCRIPTION
There is a buffer overflow in pam_smb versions 1.1.5 and below that
could be exploited to gain root privileges. This package is not
used by default in Conectiva Linux, but it is part of the
distribution. Remote root access could be gained if a vulnerable
pam_smb were to be used to authenticate users in remote services,
such as ssh, telnet and others.
SOLUTION
All pam_smb users should upgrade immediately.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm
All packages are signed with Conectiva’s GPG key. The key can be
obtained at
http://www.conectiva.com.br/contato
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
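The exposure condition in the DESCRIPTION (a pam_smb at 1.1.5 or below that is actually referenced by a PAM service) can be checked with a short script. This is an added example, not part of the Conectiva announcement: the function names are hypothetical, the sample PAM tree is constructed, and the `pam_smb_auth.so` file name in it is an assumption about how the module is referenced.

```shell
#!/bin/sh
# Added example: exposure triage for the pam_smb overflow (fixed in 1.1.6).

# Succeeds when the version in $1 is 1.1.5 or below. Assumes a numeric
# dotted version; an RPM release suffix such as "-1cl" is dropped first.
pam_smb_is_vulnerable() {
    ver=${1%%-*}
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    a=${1:-0}; b=${2:-0}; c=${3:-0}
    [ "$a" -lt 1 ] && return 0
    [ "$a" -gt 1 ] && return 1
    [ "$b" -lt 1 ] && return 0
    [ "$b" -gt 1 ] && return 1
    [ "$c" -lt 6 ]
}

# Prints each service file under $1 (default /etc/pam.d) that loads a
# pam_smb module on an active line; "#" comments are stripped first.
pam_smb_services() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if sed 's/#.*//' "$f" | grep -q 'pam_smb'; then
            basename "$f"
        fi
    done
}

# Constructed sample PAM tree (not from a real host) so this runs offline.
make_sample() {
    d=$(mktemp -d)
    printf 'auth required /lib/security/pam_smb_auth.so\n' > "$d/sshd"
    printf '#auth required /lib/security/pam_smb_auth.so\n' > "$d/login"
    printf 'auth required /lib/security/pam_unix.so\n' >> "$d/login"
    echo "$d"
}

sample=$(make_sample)
for v in 1.1.5-1cl 1.1.6-1cl; do
    if pam_smb_is_vulnerable "$v"; then state=vulnerable; else state=fixed; fi
    echo "pam_smb $v: $state"
done
echo "services authenticating through pam_smb:" $(pam_smb_services "$sample")
rm -rf "$sample"
```

On a real host the installed version comes from `rpm -q pam_smb`, and a downloaded package's signature can be checked with `rpm --checksig` once the vendor key is imported.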