A vulnerability in LinuxCIFS utils' "cifscreds" PAM module might allow remote attackers to have an unspecified impact via unknown vectors.
|Package||net-fs/cifs-utils on all architectures|
|Affected versions||< 6.4|
|Unaffected versions||>= 6.4|
The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems.
A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c in LinuxCIFS, as used in “pam_cifscreds.”
A remote attacker could exploit this vulnerability to cause an unspecified impact.
Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo, LinuxCIFS utils’ PAM support is disabled by default unless the “pam” USE flag is enabled.
All LinuxCIFS utils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.4"
December 04, 2016
December 04, 2016: 1