![[LWN Logo]](/images/lcorner.png)
![[Timeline]](/images/Included.png)
|
|
|
|
Date: Mon, 11 Sep 2000 18:53:47 -0300 To: lwn@lwn.net, bugtraq@securityfocus.com, security-alert@linuxsecurity.com Subject: Conectiva Linux Security Announcement - pam_smb From: secure@conectiva.com.br ----------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ----------------------------------------------------------------------- PACKAGE : pam_smb SUMMARY : Buffer overflow DATE : 2000-09-11 18:53:00 RELEVANT RELEASES : 5.1 ---------------------------------------------------------------------- DESCRIPTION There is a buffer overflow in pam_smb versions 1.1.5 and below that could be exploited to gain root privileges. This package is not used by default in Conectiva Linux, but it is part of the distribution. Remote root access could be gained if a vulnerable pam_smb were to be used to authenticate users in remote services, such as ssh, telnet and others. SOLUTION All pam_smb users should upgrade immediately. DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key can be obtained at http://www.conectiva.com.br/contato ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br