oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pam_cifscreds stack overflow

From: cve-assign () mitre org
Date: Thu, 10 Apr 2014 14:16:50 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


We are tracking a patch at:

https://bugzilla.novell.com/show_bug.cgi?id=870168

Fixing buffer overflow in cifskey, maybe also used in samba itself?


This seems potentially applicable:

  https://git.samba.org/?p=cifs-utils.git;a=blob;f=cifskey.c

Does anyone from Samba or Red Hat want to comment on whether this
issue already has a CVE ID? CVE IDs for Samba vulnerabilities
typically originate from the Red Hat CNA, but the specific process --
and how far in advance a CVE ID might be allocated for Samba -- is not
something visible to MITRE.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTRt+TAAoJEKllVAevmvms5ZgH/2jMjO0xCgD7By2xsk9Ox/5e
3JW2rph7Zdnl3lm0OMVa+mJkyuw9gV/CMTsfLYb8ct5Boe+j4FoVLL/EdyPS3GAF
ZXTfLWsZ+7gaONWn0sxXltWQ++/vv0stOgJxuRH7PGmX2eiug3y6M+9RoxztQe3v
3RhcLpiYduYTnFULeEn26J7+Zgv2ZFU7Bo0q9fNSDeUhOby02vqDA7wiUhpfBzfr
5PMWsL4x+EANFFDAlZNtumeRhz/4R7c7q783Ux2Y2zGwflhqvn22JK48vzBNIJEL
0jKtsDw+od3RT45EXcmnBzXSHxn6pMXb1P2lzDBq+vQ1t5IkfI+BtDYL+l7waq4=
=XiVs
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: