GLSA Advocate
Posted: Sun Dec 04, 2016 1:26 pm Post subject: [ GLSA 201612-08 ] LinuxCIFS utils
Gentoo Linux Security Advisory
Title: LinuxCIFS utils: Buffer overflow (GLSA 201612-08)
Severity: normal
Exploitable: remote
Date: December 04, 2016
Bug(s): #552634
ID: 201612-08
Synopsis
A vulnerability in LinuxCIFS utils' "cifscreds" PAM module might
allow remote attackers to have an unspecified impact via unknown vectors.
Background
The LinuxCIFS utils are a collection of tools for managing Linux CIFS
Client Filesystems.
Affected Packages
Package: net-fs/cifs-utils
Vulnerable: < 6.4
Unaffected: >= 6.4
Architectures: All supported architectures
Description
A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c
in LinuxCIFS, as used in “pam_cifscreds.”
Impact
A remote attacker could exploit this vulnerability to cause an
unspecified impact.
Workaround
Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo,
LinuxCIFS utils’ PAM support is disabled by default unless the
“pam” USE flag is enabled.
Resolution
All LinuxCIFS utils users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.4"
References
CVE-2014-2830
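The check below is an added example, not part of the advisory or of cifs-utils: it reports whether a host runs an affected cifs-utils build and whether the workaround already holds, meaning no PAM stack loads pam_cifscreds. It assumes the Portage package database under /var/db/pkg (with its per-package USE file) and PAM service files under /etc/pam.d; the function names and verdict strings are made up for this example.

```sh
#!/bin/sh
# Added example: audit a Gentoo host for exposure to GLSA 201612-08.
# VDB and PAM paths are parameters so the functions can be pointed at a
# constructed test tree; the defaults are the usual Gentoo locations.

# Print the installed cifs-utils version (revision suffix stripped), if any.
installed_version() {
    vdb=${1:-/var/db/pkg}
    for d in "$vdb"/net-fs/cifs-utils-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/cifs-utils-}
        printf '%s\n' "${v%-r[0-9]*}"
    done
}

# True if version $1 sorts strictly before 6.4 (the first unaffected version).
is_affected_version() {
    [ "$1" != "6.4" ] &&
    [ "$(printf '%s\n%s\n' "$1" 6.4 | sort -V | head -n 1)" = "$1" ]
}

# True if the installed package was built with the "pam" USE flag.
built_with_pam() {
    vdb=${1:-/var/db/pkg}
    cat "$vdb"/net-fs/cifs-utils-[0-9]*/USE 2>/dev/null | tr ' ' '\n' | grep -qx pam
}

# List active (non-comment) PAM config lines that load pam_cifscreds.
pam_cifscreds_refs() {
    pamdir=${1:-/etc/pam.d}
    grep -rnE '^[[:space:]]*[^#[:space:]].*pam_cifscreds' "$pamdir" 2>/dev/null
}

# Combine the checks into a single verdict string.
audit() {
    vdb=${1:-/var/db/pkg}; pamdir=${2:-/etc/pam.d}
    ver=$(installed_version "$vdb" | head -n 1)
    [ -n "$ver" ] || { echo "not-installed"; return; }
    is_affected_version "$ver" || { echo "unaffected"; return; }
    if built_with_pam "$vdb" && [ -n "$(pam_cifscreds_refs "$pamdir")" ]; then
        echo "affected-module-in-use"
    elif built_with_pam "$vdb"; then
        echo "affected-module-built"
    else
        echo "affected-pam-disabled"
    fi
}

audit "$@"
```

Run with no arguments to audit the local host, or pass a VDB root and a PAM directory to audit a mounted image; `pam_cifscreds_refs` on its own lists the file and line of each service that still loads the module.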