oss-sec mailing list archives
Re: pam_cifscreds stack overflow
From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 14 Apr 2014 07:59:44 +0200
Hi, About the patch: I was asked by upstream for a re-spin, as they dont want the strlen() but have the snprintf() return value checked. Previous patch is correct in my eyes, but to let you know that there might be a different patch upstream soon. Sebastian On Fri, Apr 11, 2014 at 02:13:42AM -0400, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1We are tracking a patch at: https://bugzilla.novell.com/show_bug.cgi?id=870168 Fixing buffer overflow in cifskey, maybe also used in samba itself?Use CVE-2014-2830 for any product that is exploitable because of the use of sprintf as shown in: http://bugzillafiles.novell.org/attachment.cgi?id=585460 Apparently one exploitable case is the pam_cifscreds product. We do not know whether there is an exploitable case in the cifs-utils package because of the: https://git.samba.org/?p=cifs-utils.git;a=blob;f=cifskey.c code. There might be other products using an essentially identical cifskey.c file. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTR4e+AAoJEKllVAevmvmsXnkIAK1AI1cXGWICxk/efLoDVCTH hkyy/hFYpPa5/qsGoH9sbnHTCtFcHA/rwm2NLLuDCVNzw9C50e/w9mDWI21M4uN3 ogRjeghZjz1ut1TpH6JFD9dnpcUI/JSdFl7vgWlWwmyNcYQowWlUMX/dR5lLnj14 GMUZrHJXuutLUxnsGxX6MOStWRcC3QkOJZREJAdTsru9blhKYZHDsCtdaGQJpnIh ivAEOeYpKY5f+9lfEBbfelNh/G6p6gKjZtPMO0HXdfLXB5iUxLpx8gKNiRrRmzZw EM+s/XfzTnS+3OOy7iQyE1kLN44jPh0S85UuDZ9xxdkEQdEeUszr7TrLgF9s0cA= =5G8d -----END PGP SIGNATURE-----
-- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- pam_cifscreds stack overflow Sebastian Krahmer (Apr 09)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)
- Re: Re: pam_cifscreds stack overflow Kurt Seifried (Apr 10)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)
- Re: pam_cifscreds stack overflow Sebastian Krahmer (Apr 13)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)