---

SuSE Security Announcement: Package: pam_smb

Date: Wed, 13 Sep 2000 18:06:29 +0200 (MEST)
From: Roman Drahtmueller [email protected]
To: [email protected]
Subject: [suse-security-announce] SuSE Security Announcement:
pam_smb


                        SuSE Security Announcement

        Package:                pam_smb
        Date:                   Wednesday, September 13th, 2000 18:00 MEST
        Affected SuSE versions: 6.2, 6.3, 6.4, 7.0
        Vulnerability Type:     remote root compromise
        Severity (1-10):        8
        SuSE default package:   no
        Other affected systems: Linux systems using the pam_smb module

    Content of this advisory:
        1) security vulnerability resolved: pam_smb
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

1) problem description, brief discussion, solution, upgrade
information

pam_smb is a package for a PAM (Pluggable Authentication
Modules) module that allows Linux/Unix user authentication using a
Windows NT server. Versions 1.1.5 and before contain a buffer
overflow that would allow a remote attacker to gain root access on
the target host, provided that the target host has the module
installed and configured. The bug was found by Shaun Clowes
[email protected],
and a new, fixed version of the package was promptly published by
Dave Airlie, the author of the pam_smb package.

SuSE distributions starting with SuSE-6.2 have the package
pam_smb installed if a network server installation configuration
has been selected or if the package has been selected manually. To
find out if the PAM module is installed, use the command
`rpm -q pam_smb'. If the module package is not installed, your host
does not exhibit the weakness. If you do not use the pam_smb module,
you can safely remove it using the command `rpm -e pam_smb'. SuSE
provides update packages with the latest version of pam_smb. If you
do use the module, you should upgrade the package as soon as
possible. There is currently no easy workaround for this problem
other than a package upgrade.

Download the update package from the locations described below and
install the package with the command `rpm -Fhv file.rpm'. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command
`rpm --checksig --nogpg file.rpm', independently from the md5
signatures below.

i386 Intel Platform:

SuSE-7.0

ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/pam_smb-1.1.6-0.i386.rpm

b5f7c7d92f9f023446a6ca3e73689aee
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm

f56fa744add8ccdc9777f28475106148

SuSE-6.4

ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/pam_smb-1.1.6-0.i386.rpm

736c2fe5460724461b96d60b057bd4ab
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm

fcfa4609d7d62c6fb0e1f03652dcaf56

SuSE-6.3

ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/pam_smb-1.1.6-0.i386.rpm

d5559e6f3474adcc041f7f8156cde15d
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm

4fecea0bdf9db5c97d20e0c1e6153663

SuSE-6.2

ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/pam_smb-1.1.6-0.i386.rpm

73258171e7837d2995b39ebeeb3a87ff
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/pam_smb-1.1.6-0.src.rpm

f8f6f03f3c15f2f3c38f30bd97164919

Sparc Platform:

SuSE-7.0

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/pam_smb-1.1.6-0.sparc.rpm

9514dd4d6b54208468f0b5aca6ac51e4
source rpm:

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm

22e8dc3e1b51a0f73e7451edd32dc824

AXP Alpha Platform:

SuSE-6.4

ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/pam_smb-1.1.6-0.alpha.rpm

58547d46f0d19a73f6df6dd60693379f
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm

5a14499e61e22607efd6f5a6700bf9f8

SuSE-6.3

ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/pam_smb-1.1.6-0.alpha.rpm

b507bcffe74723c5e950af141e17dce5
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm

f9e692675604c2e1fad3567b394e12d6

PPC Power PC Platform:

SuSE-6.4

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/pam_smb-1.1.6-0.ppc.rpm

4a098a9308e93f207fa908f6febd7800
source rpm:

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm

7e13f60d71ecbda1fc4e3b3765a5ec35
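The md5sum check described above can be scripted against a saved copy of this advisory. The following is an added example, not part of the original announcement; the function names, the host ftp.example.org and the package pkg-1.0-0 are hypothetical, and the sample advisory text inside demo() is constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory. The advisory gives each package
# URL with its md5sum on a following line, and the same file name recurs per
# release with a different sum, so the lookup is keyed on the full URL.

# expected_md5 ADVISORY_FILE URL: print the md5sum listed for exactly this URL.
expected_md5() {
    awk -v want="$2" '
        $1 == want { armed = 1; next }
        armed && $1 ~ /^ftp:\/\// { exit }   # next package reached: no sum
        armed && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ { print $1; exit }
    ' "$1"
}

# verify_rpm ADVISORY_FILE URL LOCAL_FILE: 0 match, 1 mismatch, 2 cannot check.
verify_rpm() {
    [ -r "$3" ] || { echo "cannot read $3" >&2; return 2; }
    want=$(expected_md5 "$1" "$2")
    [ -n "$want" ] || { echo "URL not listed in advisory: $2" >&2; return 2; }
    got=$(md5sum "$3" | awk '{ print $1 }')
    [ "$got" = "$want" ] && { echo "OK $3"; return 0; }
    echo "MISMATCH $3: expected $want, got $got" >&2
    return 1
}

# Constructed demo (hypothetical host and package): one file name, two releases.
demo() {
    d=$(mktemp -d) || return 2
    base=ftp://ftp.example.org/update
    printf 'constructed payload\n' > "$d/pkg-1.0-0.i386.rpm"
    sum=$(md5sum "$d/pkg-1.0-0.i386.rpm" | awk '{ print $1 }')
    cat > "$d/advisory.txt" <<EOF
$base/7.0/n1/pkg-1.0-0.i386.rpm

$sum
source rpm:
$base/6.4/n1/pkg-1.0-0.i386.rpm

00000000000000000000000000000000 source rpm:
EOF
    verify_rpm "$d/advisory.txt" "$base/7.0/n1/pkg-1.0-0.i386.rpm" "$d/pkg-1.0-0.i386.rpm"
    r70=$?
    verify_rpm "$d/advisory.txt" "$base/6.4/n1/pkg-1.0-0.i386.rpm" "$d/pkg-1.0-0.i386.rpm"
    r64=$?
    rm -rf "$d"
    [ "$r70" -eq 0 ] && [ "$r64" -eq 1 ]
}

demo && echo "demo: listed sum accepted, other release's sum rejected"
```

Pass the exact URL the file was fetched from: a package downloaded for one release fails against another release's sum even though the file names are identical.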


2) Pending vulnerabilities in SuSE Distributions and
Workarounds:

– zope

Zope is contained in SuSE-7.0, i386 Intel and Sparc Platforms
only. A permission problem can lead to users being given extra roles
for the duration of a single request by mutating the roles list as a
part of the request processing. Please update the package from our
ftp server using the commands as described above in section 1).

Considering the moderate severity of the problem and the noise
on the security mailing lists, we do not provide a separate
security advisory to address this problem.

i386 Intel Platform:


ftp://ftp.suse.com/pub/suse/i386/update/7.0/d2/zope-2.1.6-39.i386.rpm

472928c355c78c40973c01b9dc606adc
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/zope-2.1.6-39.src.rpm

9adbba630924b684458643f753d44832

Sparc Platform:

SuSE-7.0

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d2/zope-2.1.6-45.sparc.rpm

89358a5217ca6bb3c778cc0f2173d3fb
source rpm:

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/zope-2.1.6-45.src.rpm

9ce982884dc73e29bc60da3a00f3ab55

– xchat

The xchat IRC client may be tricked into executing arbitrary
commands if the user clicks on a URL. We will provide an update
package shortly. Please note that this kind of problem is rather
common and will be addressed soon in a future advisory for another
package.

– IMP

IMP is a webmail application to allow users to read and write
their email in a browser. Security problems have been found that
would allow attackers to run arbitrary commands on the webserver
running IMP. SuSE does not ship IMP or the Apache module “horde”
that IMP is based on.


3) standard appendix:

SuSE runs two security mailing lists to which any interested
party may subscribe:

[email protected]
– general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list. To
subscribe, send an email to [email protected].

[email protected]
– SuSE’s announce-only mailing list.
Only SuSE’s security announcements are sent to this list. To
subscribe, send an email to [email protected].

For general information or the frequently asked questions (faq)
send mail to:
[email protected]
or
[email protected]
respectively.


SuSE’s security contact is [email protected].


Regards,
Roman Drahtmüller.
– – —

 -                                                                      -
| Roman Drahtmüller        [email protected] //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -