[Samba] pam_smb Security Advisory - ALL versions as of 26-08-2003

Dave Airlie airlied at samba.org
Tue Aug 26 12:14:22 GMT 2003

This is to advise all pam_smb users that a possible remote root hole has
been discovered in versions of pam_smb.

Vunerable versions:

1.1.6 and older (all configurations)
2.0.0-rc3 and older (definite problem in non-daemon mode, daemon mode may
be safe but upgrade recommended).

It is recommended to upgrade immediately to either 1.1.7 or 2.0.0-rc5 both
of which are available from the samba.org mirror FTP sites, or from the
website below.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0686 to this issue.

All distributions have been advised and updates should become available
throughout the next couple of days from the vendors.

Thanks to Craig Miskell for diagnosing this and contacting me.

Dave Airlie
airlied at samba.or

Releases are available from ftp.samba.org mirrors (please use these).
or via http from
http://pamsmb.sourceforge.net/v1 (for 1.1.7)
http://pamsmb.sourceforge.net/v2 (for 2.0.0-rc5)

David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied at skynet.ie
pam_smb / Linux DECstation / Linux VAX / ILUG person
pam_smb list: http://mailman.csn.ul.ie/mailman/listinfo.cgi/pam_smb

More information about the samba mailing list