Home page logo
/

bugtraq logo Bugtraq mailing list archives

Conectiva Linux Security Announcement - pam_smb
From: secure () CONECTIVA COM BR
Date: Mon, 11 Sep 2000 18:53:47 -0300

-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------

PACKAGE   : pam_smb
SUMMARY   : Buffer overflow
DATE      : 2000-09-11 18:53:00
RELEVANT
RELEASES  : 5.1

----------------------------------------------------------------------

DESCRIPTION
 There is a buffer overflow in pam_smb versions 1.1.5 and below that
 could be exploited to gain root privileges. This package is not used
 by default in Conectiva Linux, but it is part of the distribution.
 Remote root access could be gained if a vulnerable pam_smb were to be
 used to authenticate users in remote services, such as ssh, telnet
 and others.


SOLUTION
 All pam_smb users should upgrade immediately.


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm


----------------------------------------------------------------------

All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe () bazar conectiva com br
unsubscribe: atualizacoes-anuncio-unsubscribe () bazar conectiva com br


  By Date           By Thread  

Current thread:
  • Conectiva Linux Security Announcement - pam_smb secure (Sep 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]