The pam_smb module contains a remotely exploitable buffer overflow vulnerability. This module is used to authenticate users using an external Server Message Block (SMB) server. A remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system.
The pam_smb module versions 1.1.6 and prior contain a remotely exploitable buffer overflow vulnerability in the processing of the password buffer. This module is used when a system is configured to authenticate users using an external Server Message Block (SMB) server.
An unauthenticated remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system.
This problem is reportedly resolved in version 1.1.7 of the pam_smb module. Upgrade, or apply the patches provided by your vendor.
The Red Hat Security Team has recognized Dave Airlie of the Samba team for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2003-08-29|
|Date Last Updated:||2003-08-29 18:10 UTC|