Gentoo Forums
[ GLSA 201612-08 ] LinuxCIFS utils
GLSA
Posted: Sun Dec 04, 2016 1:26 pm    Post subject: [ GLSA 201612-08 ] LinuxCIFS utils

Gentoo Linux Security Advisory

Title: LinuxCIFS utils: Buffer overflow (GLSA 201612-08)
Severity: normal
Exploitable: remote
Date: December 04, 2016
Bug(s): #552634
ID: 201612-08

Synopsis

A vulnerability in LinuxCIFS utils' "cifscreds" PAM module might
allow remote attackers to have an unspecified impact via unknown vectors.


Background

The LinuxCIFS utils are a collection of tools for managing Linux CIFS
Client Filesystems.


Affected Packages

Package: net-fs/cifs-utils
Vulnerable: < 6.4
Unaffected: >= 6.4
Architectures: All supported architectures


Description

A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c
in LinuxCIFS, as used in “pam_cifscreds.”


Impact

A remote attacker could exploit this vulnerability to cause an
unspecified impact.


Workaround

Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo,
LinuxCIFS utils’ PAM support is disabled by default unless the
“pam” USE flag is enabled.


Resolution

All LinuxCIFS utils users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.4"


References

CVE-2014-2830
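
One way to check a host against the Affected Packages and Workaround sections above, as an added example that is not part of the advisory or of Gentoo's own tooling. It assumes Portage's installed-package database at /var/db/pkg (with a per-package USE file) and PAM service files in /etc/pam.d; the function names and the --audit switch are made up for this example.

```shell
# Added example: check a Gentoo host against GLSA 201612-08.
# Assumed paths (overridable): Portage's installed-package DB and the PAM directory.
PKG_DB="${PKG_DB:-/var/db/pkg}"
PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# Succeeds if version $1 is below 6.4. Compares major.minor only.
is_vulnerable_version() {
    v="${1%-r[0-9]*}"                      # drop a revision suffix such as -r1
    major="${v%%.*}"
    case "$v" in *.*) minor="${v#*.}" ;; *) minor=0 ;; esac
    minor="${minor%%[!0-9]*}"              # "3.1" -> "3"
    [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "${minor:-0}" -lt 4 ]; }
}

# Print every installed cifs-utils version, one per line.
installed_versions() {
    for d in "$PKG_DB"/net-fs/cifs-utils-[0-9]*; do
        [ -d "$d" ] || continue
        printf '%s\n' "${d##*/cifs-utils-}"
    done
}

# Succeeds if version $1 was built with the "pam" USE flag.
built_with_pam() { grep -qw pam "$PKG_DB/net-fs/cifs-utils-$1/USE" 2>/dev/null; }

# Print PAM service files with an uncommented pam_cifscreds line.
pam_refs() {
    grep -lE '^[[:space:]]*[^#[:space:]].*pam_cifscreds' "$PAM_DIR"/* 2>/dev/null || :
}

# Return status: 0 unaffected, 1 affected version installed,
# 2 affected version installed and a PAM service loads the module.
audit() {
    rc=0
    for ver in $(installed_versions); do
        if is_vulnerable_version "$ver"; then
            rc=1; echo "cifs-utils-$ver: affected (< 6.4)"
            if built_with_pam "$ver"; then echo "  built with USE=pam"; fi
        else
            echo "cifs-utils-$ver: unaffected (>= 6.4)"
        fi
    done
    refs=$(pam_refs)
    if [ "$rc" -eq 1 ] && [ -n "$refs" ]; then
        rc=2; echo "PAM services loading pam_cifscreds:"; echo "$refs"
    fi
    return "$rc"
}
if [ "${1:-}" = "--audit" ]; then audit; fi
```

A return status of 2 means the workaround is not in effect on that host: an affected version is installed and at least one PAM service still loads the module.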