The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems.
A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c in LinuxCIFS, as used in “pam_cifscreds.”
A remote attacker could exploit this vulnerability to cause an unspecified impact.
Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo, LinuxCIFS utils’ PAM support is disabled by default unless the “pam” USE flag is enabled.
All LinuxCIFS utils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.4"