Re: Re: pam_cifscreds stack overflow

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/10/2014 12:16 PM, cve-assign () mitre org wrote:
> > We are tracking a patch at:
>
> > https://bugzilla.novell.com/show_bug.cgi?id=870168
>
> > Fixing buffer overflow in cifskey, maybe also used in samba
> > itself?
>
> This seems potentially applicable:
>
> https://git.samba.org/?p=cifs-utils.git;a=blob;f=cifskey.c
>
> Does anyone from Samba or Red Hat want to comment on whether this 
> issue already has a CVE ID? CVE IDs for Samba vulnerabilities 
> typically originate from the Red Hat CNA, but the specific process
> -- and how far in advance a CVE ID might be allocated for Samba --
> is not something visible to MITRE.

Nothing on Red Hat's end regarding this.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTRuKbAAoJEBYNRVNeJnmTVIYQAKtF1uptqFoRkPQ+fmMYu07e
xD/8k5BWrlDVhL1JexLjgE99rAXzcxdarCjvl1Ouayiw2OxvwMdK2ZLJ3WGSqGHF
1wPhYN/yHSVCOBTqnwkJfULc4032ogdk5+ujGxDE7jlUyyvMIYO8iVlsrMyd1CnG
nE8iBpjhAebSG7meDlj93ZhqkDGHiRbCs/fJtERUpIRsgznRqPgZXIqObalEGbDt
m9ynoau8jZoRa0+d+JmCgsNrNs5YowoDv/db6xEUcJmLWDZ7M16BDBDyWA4vJd4g
6vrr+Wt6VcqK4VViYv8Ll5cgIVy0uDjIOvdWu/5/HU/FnushGmpaXhwDocID+ApW
u31e+ynTkXyrZELb5HQh9BpF9QuiZjcyEO7urZ3j4UgskldX2fHSD0wflQ2WX23g
pruckllz6Ma9tJeE/ctbC9D5eN3pubUDn6g2uoeOvusPV/Tq/1xt3ImyMrBmU5Nm
gKeB2n0r9/76cPfZvVOvT4vuBB83AKO0OoB2gidCtm+DAcp2JofSUM8iOLjDwJ/8
Ia3XrOBxdf/3u2moUqZWUGtg4Vi9Q6v+3LRHTxTTEHkgtGPmul+k3auciu9/6WoD
DPUFkwB3FGsKUGPLrHYy0lxhWL8NutDo7s+5ZLBdt7ipoNaa7BRlhqghrW/7KEAr
8hLy64sQg6RS5sjbSyeN
=zE/b
-----END PGP SIGNATURE-----