LinuxCIFS utils: Buffer overflow — GLSA 201612-08

A vulnerability in LinuxCIFS utils' "cifscreds" PAM module might allow remote attackers to have an unspecified impact via unknown vectors.

Affected packages

Package: net-fs/cifs-utils (all architectures)
Affected versions: < 6.4
Unaffected versions: >= 6.4

Background

The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems.

Description

A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c in LinuxCIFS, as used in “pam_cifscreds.”

Impact

A remote attacker could exploit this vulnerability to cause an unspecified impact.

Workaround

Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo, LinuxCIFS utils’ PAM support is disabled by default unless the “pam” USE flag is enabled.

Resolution

All LinuxCIFS utils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.4"
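As an added check that is not part of the advisory, the following POSIX shell script classifies a net-fs/cifs-utils version against this GLSA's affected range (< 6.4) and, on a Gentoo host, reports whether the package is installed and whether the optional pam_cifscreds module was built or is referenced from /etc/pam.d. The use of qlist from portage-utils and the PAM module search paths are assumptions.

```shell
#!/bin/sh
# Added example for GLSA 201612-08: classify a cifs-utils version against the
# advisory's range (< 6.4 affected) and inspect a Gentoo host for the package
# and for the optional pam_cifscreds PAM module.

# Return 0 (true) when VERSION falls in the affected range "< 6.4".
# Accepts a bare version ("6.1") or a Gentoo atom ("net-fs/cifs-utils-6.4-r1")
# and tolerates a "-rN" revision suffix. Assumption: plain X.Y[.Z] numbering.
cifs_utils_affected() {
    v=${1#net-fs/cifs-utils-}      # strip the package prefix if an atom was given
    v=${v%%-r*}                    # drop the Gentoo revision, e.g. 6.4-r1 -> 6.4
    major=${v%%.*}
    rest=${v#*.}
    [ "$rest" = "$v" ] && rest=0   # version had no minor component at all
    minor=${rest%%.*}
    [ "$major" -lt 6 ] && return 0
    [ "$major" -eq 6 ] && [ "$minor" -lt 4 ] && return 0
    return 1
}

# Inspect the local Gentoo host. Assumptions: qlist comes from portage-utils,
# and PAM modules live in one of the lib/security directories listed below.
report_system() {
    if ! command -v qlist >/dev/null 2>&1; then
        echo "qlist not found; skipping installed-package check"
    else
        pkg=$(qlist -Iv net-fs/cifs-utils 2>/dev/null | head -n 1)
        if [ -z "$pkg" ]; then
            echo "net-fs/cifs-utils is not installed"
        elif cifs_utils_affected "$pkg"; then
            echo "AFFECTED: $pkg is below 6.4; upgrade per GLSA 201612-08"
        else
            echo "OK: $pkg is not in the affected range"
        fi
    fi
    # Workaround check: was the module built (USE=pam) and is it wired into PAM?
    for m in /lib/security/pam_cifscreds.so /lib64/security/pam_cifscreds.so \
             /usr/lib/security/pam_cifscreds.so /usr/lib64/security/pam_cifscreds.so; do
        [ -e "$m" ] && echo "pam_cifscreds module installed: $m"
    done
    refs=$(grep -ls pam_cifscreds /etc/pam.d/* 2>/dev/null)
    [ -n "$refs" ] && echo "pam_cifscreds referenced by: $refs"
    return 0
}

report_system
```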
 

References

Release date
December 04, 2016

Latest revision
December 04, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries