OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Conectiva Linux Security Announcement - pam_smb
From: secureCONECTIVA.COM.BR
Date: Mon Sep 11 2000 - 16:53:47 CDT


-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------

PACKAGE : pam_smb
SUMMARY : Buffer overflow
DATE : 2000-09-11 18:53:00
RELEVANT
RELEASES : 5.1

----------------------------------------------------------------------

DESCRIPTION
 There is a buffer overflow in pam_smb versions 1.1.5 and below that
 could be exploited to gain root privileges. This package is not used
 by default in Conectiva Linux, but it is part of the distribution.
 Remote root access could be gained if a vulnerable pam_smb were to be
 used to authenticate users in remote services, such as ssh, telnet
 and others.

SOLUTION
 All pam_smb users should upgrade immediately.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm

----------------------------------------------------------------------

All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribebazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribebazar.conectiva.com.br