COMMAND

    pam_localuser

SYSTEMS AFFECTED

    Linux

PROBLEM

    The pam_localuser module, part of the PAM package, has a buffer
    overflow vulnerability. This module is *not* used in any default
    configuration; to be vulnerable, a user would have to insert it
    manually in a configuration file in the /etc/pam.d directory.
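
    To check whether a host has been configured this way, the
    following added example (not part of the original advisory)
    lists active pam_localuser entries in a PAM configuration
    directory. The function name find_pam_localuser is hypothetical;
    the directory defaults to /etc/pam.d.

```shell
# Added example: report active (non-comment) pam_localuser entries.
# Usage: find_pam_localuser [DIR]      DIR defaults to /etc/pam.d
# Prints "file:line: entry" for every active reference.
# Returns 0 if at least one is found, 1 if none, 2 if DIR is not a directory.
find_pam_localuser() {
    dir="${1:-/etc/pam.d}"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if awk -v file="$f" '
            {
                line = line $0
                # A trailing backslash continues the entry on the next line.
                if (sub(/\\$/, " ", line)) next
                text = line; line = ""
                sub(/#.*/, "", text)          # drop comments
                gsub(/[ \t]+/, " ", text)     # normalise whitespace
                sub(/^ /, "", text); sub(/ $/, "", text)
                n = split(text, w, " ")
                for (i = 1; i <= n; i++) {
                    m = w[i]
                    sub(/.*\//, "", m)        # strip any directory prefix
                    if (m == "pam_localuser.so" || m == "pam_localuser") {
                        # NR is the last physical line of the entry.
                        printf "%s:%d: %s\n", file, NR, text
                        hit = 1
                        break
                    }
                }
            }
            END { exit hit ? 0 : 1 }
        ' "$f"; then
            found=0
        fi
    done
    return "$found"
}
```

    A return status of 1 means no service in the directory loads the
    module; any printed entry marks a service that is exposed until
    the updated pam package is installed.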

SOLUTION

    For Immunix OS:

        http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/pam-0.72-20.6.x_StackGuard.i386.rpm
        http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/pam-0.72-20.6.x_StackGuard.src.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/pam-0.72-37_StackGuard.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/pam-0.72-37_StackGuard.src.rpm

    For Linux-Mandrake:

        Linux-Mandrake 6.0: 6.0/RPMS/pam-0.72-7.1mdk.i586.rpm
                            6.0/RPMS/pam-devel-0.72-7.1mdk.i586.rpm
                            6.0/RPMS/pam-doc-0.72-7.1mdk.i586.rpm
                            6.0/SRPMS/pam-0.72-7.1mdk.src.rpm
        Linux-Mandrake 6.1: 6.1/RPMS/pam-0.72-7.1mdk.i586.rpm
                            6.1/RPMS/pam-devel-0.72-7.1mdk.i586.rpm
                            6.1/RPMS/pam-doc-0.72-7.1mdk.i586.rpm
                            6.1/SRPMS/pam-0.72-7.1mdk.src.rpm
        Linux-Mandrake 7.0: 7.0/RPMS/pam-0.72-7.1mdk.i586.rpm
                            7.0/RPMS/pam-devel-0.72-7.1mdk.i586.rpm
                            7.0/RPMS/pam-doc-0.72-7.1mdk.i586.rpm
                            7.0/SRPMS/pam-0.72-7.1mdk.src.rpm
        Linux-Mandrake 7.1: 7.1/RPMS/pam-0.72-7.1mdk.i586.rpm
                            7.1/RPMS/pam-devel-0.72-7.1mdk.i586.rpm
                            7.1/RPMS/pam-doc-0.72-7.1mdk.i586.rpm
                            7.1/SRPMS/pam-0.72-7.1mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/pam-0.72-13.1mdk.i586.rpm
                            7.2/RPMS/pam-devel-0.72-13.1mdk.i586.rpm
                            7.2/RPMS/pam-doc-0.72-13.1mdk.i586.rpm
                            7.2/SRPMS/pam-0.72-13.1mdk.src.rpm

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/pam-0.72-23cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/pam-0.72-23cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/pam-0.72-23cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/pam-0.72-23cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/pam-0.72-23cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/pam-0.72-23cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/pam-0.72-23cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/pam-0.72-23cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/pam-0.72-23cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/pam-0.72-23cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam-0.72-23cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/pam-0.72-23cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/pam-0.72-23cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/pam-0.72-23cl.i386.rpm