COMMAND

    pam_smb and pam_ntdom

SYSTEMS AFFECTED

    Linux & Solaris

PROBLEM

    Following is  based on  a Secure  Reality Advisories (SRADV00002).
    pam_smb and  pam_ntdom are  pluggable authentication  modules that
    allow authentication of usernames and passwords in PAM  compatible
    environments (most notably Solaris and Linux) against Windows  and
    Samba.

    Both modules (ONLY in  versions as listed above)  contain remotely
    exploitable stack  buffer overflows.  This bug  allows an attacker
    to execute arbitrary code as root.   This may lead to remote  root
    compromise.

    pam_smb and  pam_ntdom are  used in  heterogenous environments  to
    provide common authentication across unix and windows boxes.  Both
    modules are distributed  from their own  home pages and  the samba
    ftp site and mirrors.  It is reasonable to assume both modules are
    fairly widespread.

    The bug itself is fairly  trivial. pam_smb performs a strcpy  of a
    user controlled variable  (the login name)  into a stack  variable
    of only 16 bytes.  pam_ntdom is based on the code from pam_smb and
    thus inherits this problem (in versions specified).

    Thanks to Dave  Airlie, author of  pam_smb, for his  assistance in
    quickly fixing this problem and cutting new versions of pam_smb.

SOLUTION

    Please upgrade to the latest version of all modules:

        - pam_smb stable 1.1.6 at ftp://ftp.samba.org/pub/samba/pam_smb/
        - pam_smb development 1.9.8 at ftp://ftp.samba.org/pub/samba/pam_smb/devel/
        - pam_ntdom 0.24 at http://cb1.com/~lkcl/pam-ntdom/

    As  the  pam_smb  module  was  only  updated  recently, some samba
    mirrors may not  have the latest  versions at this  stage.  Please
    note  the  version  of  pam_ntdom  on  samba  mirrors  (0.23)   IS
    vulnerable, download the latest version from the URL listed above.

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam_smb-1.1.6-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/pam_smb-1.1.6-1cl.i386.rpm

    For Debian:

        http://security.debian.org/dists/stable/updates/main/source/libpam-smb_1.1.6-1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/libpam-smb_1.1.6-1.dsc
        http://security.debian.org/dists/stable/updates/main/source/libpam-smb_1.1.6.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libpam-smb_1.1.6-1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/libpam-smb_1.1.6-1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libpam-smb_1.1.6-1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libpam-smb_1.1.6-1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libpam-smb_1.1.6-1_sparc.deb

    For Linux-Mandrake users who have installed this package on  their
    own are  encouraged to  upgrade to  the latest  versions available
    (as shown above).

    For SuSE:

        ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/pam_smb-1.1.6-0.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/pam_smb-1.1.6-0.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/pam_smb-1.1.6-0.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/pam_smb-1.1.6-0.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/pam_smb-1.1.6-0.src.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/pam_smb-1.1.6-0.sparc.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/pam_smb-1.1.6-0.alpha.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/pam_smb-1.1.6-0.alpha.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/pam_smb-1.1.6-0.ppc.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm