oss-sec mailing list archives
Re: Re: pam_cifscreds stack overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 10 Apr 2014 12:27:39 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/10/2014 12:16 PM, cve-assign () mitre org wrote:
We are tracking a patch at:https://bugzilla.novell.com/show_bug.cgi?id=870168Fixing buffer overflow in cifskey, maybe also used in samba itself?This seems potentially applicable: https://git.samba.org/?p=cifs-utils.git;a=blob;f=cifskey.c Does anyone from Samba or Red Hat want to comment on whether this issue already has a CVE ID? CVE IDs for Samba vulnerabilities typically originate from the Red Hat CNA, but the specific process -- and how far in advance a CVE ID might be allocated for Samba -- is not something visible to MITRE.
Nothing on Red Hat's end regarding this. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTRuKbAAoJEBYNRVNeJnmTVIYQAKtF1uptqFoRkPQ+fmMYu07e xD/8k5BWrlDVhL1JexLjgE99rAXzcxdarCjvl1Ouayiw2OxvwMdK2ZLJ3WGSqGHF 1wPhYN/yHSVCOBTqnwkJfULc4032ogdk5+ujGxDE7jlUyyvMIYO8iVlsrMyd1CnG nE8iBpjhAebSG7meDlj93ZhqkDGHiRbCs/fJtERUpIRsgznRqPgZXIqObalEGbDt m9ynoau8jZoRa0+d+JmCgsNrNs5YowoDv/db6xEUcJmLWDZ7M16BDBDyWA4vJd4g 6vrr+Wt6VcqK4VViYv8Ll5cgIVy0uDjIOvdWu/5/HU/FnushGmpaXhwDocID+ApW u31e+ynTkXyrZELb5HQh9BpF9QuiZjcyEO7urZ3j4UgskldX2fHSD0wflQ2WX23g pruckllz6Ma9tJeE/ctbC9D5eN3pubUDn6g2uoeOvusPV/Tq/1xt3ImyMrBmU5Nm gKeB2n0r9/76cPfZvVOvT4vuBB83AKO0OoB2gidCtm+DAcp2JofSUM8iOLjDwJ/8 Ia3XrOBxdf/3u2moUqZWUGtg4Vi9Q6v+3LRHTxTTEHkgtGPmul+k3auciu9/6WoD DPUFkwB3FGsKUGPLrHYy0lxhWL8NutDo7s+5ZLBdt7ipoNaa7BRlhqghrW/7KEAr 8hLy64sQg6RS5sjbSyeN =zE/b -----END PGP SIGNATURE-----
Current thread:
- pam_cifscreds stack overflow Sebastian Krahmer (Apr 09)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)
- Re: Re: pam_cifscreds stack overflow Kurt Seifried (Apr 10)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)
- Re: pam_cifscreds stack overflow Sebastian Krahmer (Apr 13)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)