Dave Airlie
2003-Aug-26 12:14 UTC
[Samba] pam_smb Security Advisory - ALL versions as of 26-08-2003
This is to advise all pam_smb users that a possible remote root hole has been discovered in versions of pam_smb.

Vulnerable versions:
1.1.6 and older (all configurations)
2.0.0-rc3 and older (definite problem in non-daemon mode, daemon mode may be safe but upgrade recommended).

It is recommended to upgrade immediately to either 1.1.7 or 2.0.0-rc5, both of which are available from the samba.org mirror FTP sites, or from the website below.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0686 to this issue.

All distributions have been advised and updates should become available throughout the next couple of days from the vendors.

Thanks to Craig Miskell for diagnosing this and contacting me.

Dave Airlie 26/08/03.
airlied at samba.or
http://www.skynet.ie/~airlied/

Releases are available from ftp.samba.org mirrors (please use these), or via http from
http://pamsmb.sourceforge.net/v1 (for 1.1.7)
http://www.skynet.ie/~airlied/pam_smb/v1
or
http://pamsmb.sourceforge.net/v2 (for 2.0.0-rc5)
http://www.skynet.ie/~airlied/pam_smb/v2

--
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied@skynet.ie
pam_smb / Linux DECstation / Linux VAX / ILUG person
pam_smb list: http://mailman.csn.ul.ie/mailman/listinfo.cgi/pam_smb