[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : SuSE Security Announcement: pam_smb

Title: SuSE Security Announcement: pam_smb
Released by: SuSE
Date: 13th September 2000
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----



______________________________________________________________________________



                        SuSE Security Announcement



        Package:                pam_smb

        Date:                   Wednesday, September 13th, 2000 18:00 MEST

        Affected SuSE versions: 6.2, 6.3, 6.4, 7.0

        Vulnerability Type:     remote root compromise

        Severity (1-10):        8

        SuSE default package:   no

        Other affected systems: Linux systems using the pam_smb module



    Content of this advisory:

        1) security vulnerability resolved: pam_smb

           problem description, discussion, solution and upgrade information

        2) pending vulnerabilities, solutions, workarounds

        3) standard appendix (further information)



______________________________________________________________________________



1)  problem description, brief discussion, solution, upgrade information



    pam_smb is a package for a PAM (Pluggable Authentication Modules) module

    that allows Linux/Unix user authentication using a Windows NT server.

    Versions 1.1.5 and before contain a buffer overflow that would allow

    a remote attacker to gain root access on the target host, provided that

    the target host has the module installed and configured. The bug was

    found by Shaun Clowes , and a new, fixed

    version of the package was promptly published by Dave Airlie

    , the author of the pam_smb package.



    SuSE distributions starting with SuSE-6.2 have the package pam_smb

    installed if a network server installation configuration has been

    selected or if the package has been selected manually. To find out

    if the PAM module is installed, use the command `rpm -q pam_smb'.

    If the module package is not installed, your host does not exhibit

    the weakness.

    If you do not use the pam_smb module, you can safely remove it using the

    command `rpm -e pam_smb'. SuSE provides update packages with the latest

    version of pam_smb. If you do use the module, you should upgrade the

    package as soon as possible.

    There is currently no easy workaround for this problem other than a

    package upgrade.



    Download the update package from locations desribed below and install

    the package with the command `rpm -Fhv file.rpm'. The md5sum for each

    file is in the line below. You can verify the integrity of the rpm

    files using the command

        `rpm --checksig --nogpg file.rpm',

    independently from the md5 signatures below.





    i386 Intel Platform:



    SuSE-7.0

    http://ftp.suse.com/pub/suse/i386/update/7.0/n1/pam_smb-1.1.6-0.i386.rpm

      b5f7c7d92f9f023446a6ca3e73689aee

    source rpm:

    http://ftp.suse.com/pub/suse/i386/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm

      f56fa744add8ccdc9777f28475106148



    SuSE-6.4

    http://ftp.suse.com/pub/suse/i386/update/6.4/n1/pam_smb-1.1.6-0.i386.rpm

      736c2fe5460724461b96d60b057bd4ab

    source rpm:

    http://ftp.suse.com/pub/suse/i386/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm

      fcfa4609d7d62c6fb0e1f03652dcaf56



    SuSE-6.3

    http://ftp.suse.com/pub/suse/i386/update/6.3/n1/pam_smb-1.1.6-0.i386.rpm

      d5559e6f3474adcc041f7f8156cde15d

    source rpm:

    http://ftp.suse.com/pub/suse/i386/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm

      4fecea0bdf9db5c97d20e0c1e6153663



    SuSE-6.2

    http://ftp.suse.com/pub/suse/i386/update/6.2/n1/pam_smb-1.1.6-0.i386.rpm

      73258171e7837d2995b39ebeeb3a87ff

    source rpm:

    http://ftp.suse.com/pub/suse/i386/update/6.2/zq1/pam_smb-1.1.6-0.src.rpm

      f8f6f03f3c15f2f3c38f30bd97164919







    Sparc Platform:



    SuSE-7.0

    http://ftp.suse.com/pub/suse/sparc/update/7.0/n1/pam_smb-1.1.6-0.sparc.rpm

      9514dd4d6b54208468f0b5aca6ac51e4

    source rpm:

    http://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm

      22e8dc3e1b51a0f73e7451edd32dc824







    AXP Alpha Platform:



    SuSE-6.4

    http://ftp.suse.com/pub/suse/axp/update/6.4/n1/pam_smb-1.1.6-0.alpha.rpm

      58547d46f0d19a73f6df6dd60693379f

    source rpm:

    http://ftp.suse.com/pub/suse/axp/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm

      5a14499e61e22607efd6f5a6700bf9f8



    SuSE-6.3

    http://ftp.suse.com/pub/suse/axp/update/6.3/n1/pam_smb-1.1.6-0.alpha.rpm

      b507bcffe74723c5e950af141e17dce5

    source rpm:

    http://ftp.suse.com/pub/suse/axp/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm

      f9e692675604c2e1fad3567b394e12d6







    PPC Power PC Platform:



    SuSE-6.4

    http://ftp.suse.com/pub/suse/ppc/update/6.4/n1/pam_smb-1.1.6-0.ppc.rpm

      4a098a9308e93f207fa908f6febd7800

    source rpm:

    http://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm

      7e13f60d71ecbda1fc4e3b3765a5ec35



______________________________________________________________________________



2)  Pending vulnerabilities in SuSE Distributions and Workarounds:



     - zope



        Zope is contained in SuSE-7.0, i386 Intel and Sparc Platforms only.

        A permission problem can lead to users given extra roles for the

        duration of a single request by mutating the roles list as a part

        of the request processing. Please update the package from our ftp

        server using the commands as described above in section 1).



        Considering the moderate severity of the problem and the noise on

        the security mailing lists, we do not provide a seperate security

        advisory to address this problem.



    i386 Intel Platform:



    http://ftp.suse.com/pub/suse/i386/update/7.0/d2/zope-2.1.6-39.i386.rpm

      472928c355c78c40973c01b9dc606adc

    source rpm:

    http://ftp.suse.com/pub/suse/i386/update/7.0/zq1/zope-2.1.6-39.src.rpm

      9adbba630924b684458643f753d44832





    Sparc Platform:



    SuSE-7.0

    http://ftp.suse.com/pub/suse/sparc/update/7.0/d2/zope-2.1.6-45.sparc.rpm

      89358a5217ca6bb3c778cc0f2173d3fb

    source rpm:

    http://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/zope-2.1.6-45.src.rpm

      9ce982884dc73e29bc60da3a00f3ab55





     - xchat



        The xchat IRC client may be tricked to execute arbitrary commands

        if the user clicks on an URL. We will provide an update package

        shortly. Please note that this kind of problem is rather common

        and will be addressed soon in a future advisory for another package.





     - IMP



        IMP is a webmail application to allow users to read and write their

        email in a browser. Security problems have been found that would

        allow attackers to run arbitrary commands on the webserver running

        IMP.

        SuSE does not ship IMP or the Apache module "horde" that IMP is

        based on.

______________________________________________________________________________



3)  standard appendix:



    SuSE runs two security mailing lists to which any interested party may

    subscribe:



    suse-security@suse.com

        -   general/linux/SuSE security discussion.

            All SuSE security announcements are sent to this list.

            To subscribe, send an email to

                .



    suse-security-announce@suse.com

        -   SuSE's announce-only mailing list.

            Only SuSE's security annoucements are sent to this list.

            To subscribe, send an email to

                .



    For general information or the frequently asked questions (faq)

    send mail to:

         or

         respectively.



    ===============================================

    SuSE's security contact is .

    ===============================================



Regards,

Roman Drahtmüller.

- - --

 -                                                                      -

| Roman Drahtmüller       //          "Caution: Cape does |

  SuSE GmbH - Security           Phone: //       not enable user to fly."

| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |

 -                                                                      -

______________________________________________________________________________



    The information in this advisory may be distributed or reproduced,

    provided that the advisory is not modified in any way.

    SuSE GmbH makes no warranties of any kind whatsoever with respect

    to the information contained in this security advisory.



Type Bits/KeyID    Date       User ID

pub  2048/3D25D3D9 1999/03/06 SuSE Security Team 



- -----BEGIN PGP PUBLIC KEY BLOCK-----

Version: 2.6.3i



mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA

BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz

JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh

1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U

P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+

cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg

VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b

yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7

tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ

xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63

Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo

choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI

BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u

v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+

x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0

Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq

MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2

saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o

L0oixF12Cg==

=pIeS

- -----END PGP PUBLIC KEY BLOCK-----



-----BEGIN PGP SIGNATURE-----

Version: 2.6.3i

Charset: noconv



iQEVAwUBOb+lbHey5gA9JdPZAQGoaAf/Scih4DSvieaIS+nw1amDM4Z4ybO6IXyH

h5V9Oc0pMoacPqN9eqRBgE9AfP2OekCYs4X27TbKpW5sRHZ9/H3ttF+FRrV+ImHe

vCiLjc8tUnY6/yG5mHDTjMtSHpJNmpI1y8oj4VgWfkO9hZcXqP9k/vMblUBMxezi

ZaYRYinPULRQ+CPPapOr5p7KMIx0qGVa9CfEQJpr0g4KFktbQrm5gbDCtEwFSb03

Wrkrfe+WTGqFYJ9zMBJZdn68J9dnjgMM7c/cRmzM9xr3LI0hfPnDCwa8kkLkKBq8

POwK59t2kzfODrBnfymvb/3AlQddt67qbFu3n0mlOoXR42qP1QJpRw==

=OYCm

-----END PGP SIGNATURE-----








(C) 1999-2000 All rights reserved.