Debian Security Advisory

libpam-smb -- remote root exploit

Date Reported:

11 Sep 2000

Affected Packages:

libpam-smb

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2000-0843.

More information:

libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege. libpam-smb was not shipped with Debian 2.1 (slink), but was included in Debian 2.2 (potato).

A fixed version of libpam-smb is available in version 1.1.6-1 for Debian 2.2 (potato). We recommend upgrading your libpam-smb immediately.

Fixed in:

Debian 2.2 (potato)

Source:: http://security.debian.org/dists/potato/updates/main/source/libpam-smb_1.1.6-1.diff.gz; http://security.debian.org/dists/potato/updates/main/source/libpam-smb_1.1.6-1.dsc; http://security.debian.org/dists/potato/updates/main/source/libpam-smb_1.1.6.orig.tar.gz
alpha:: http://security.debian.org/dists/potato/updates/main/binary-alpha/libpam-smb_1.1.6-1_alpha.deb
arm:: http://security.debian.org/dists/potato/updates/main/binary-arm/libpam-smb_1.1.6-1_arm.deb
i386:: http://security.debian.org/dists/potato/updates/main/binary-i386/libpam-smb_1.1.6-1_i386.deb
powerpc:: http://security.debian.org/dists/potato/updates/main/binary-powerpc/libpam-smb_1.1.6-1_powerpc.deb
sparc:: http://security.debian.org/dists/potato/updates/main/binary-sparc/libpam-smb_1.1.6-1_sparc.deb