Gentoo Foundation GLSA-201612-08
Dec 04, 2016 - 12:00 a.m.

LinuxCIFS utils: Buffer overflow

security.gentoo.org

EPSS: 0.037 (Low), percentile 91.7%

Background

The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems.

Description

A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c in LinuxCIFS, as used in “pam_cifscreds.”

Impact

A remote attacker could exploit this vulnerability to cause an unspecified impact.

Workaround

Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo, LinuxCIFS utils’ PAM support is disabled by default unless the “pam” USE flag is enabled.

Resolution

All LinuxCIFS utils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.4"

OS      OS version  Architecture  Package            Package version  Filename
Gentoo  any         all           net-fs/cifs-utils  < 6.4            UNKNOWN
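
An added check, not part of the GLSA, for the two conditions named above: a cifs-utils version below 6.4 and an active pam_cifscreds entry in the PAM configuration. The function names and the /etc/pam.d default are assumptions, and the installed version is passed in by the caller.

```shell
#!/bin/sh
# Added example, not part of the GLSA. Function names are hypothetical.
FIXED_VERSION="6.4"   # first unaffected cifs-utils version per the advisory

# Return 0 if upstream version $1 sorts below FIXED_VERSION (affected).
# Relies on `sort -V` (GNU coreutils, busybox) for version ordering.
is_affected_version() {
    [ "$1" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print non-comment PAM lines under directory $1 that load pam_cifscreds.
# Returns 0 if any were found. /etc/pam.d as default is an assumption.
pam_cifscreds_lines() {
    grep -rEn '^[[:space:]]*[^#[:space:]].*pam_cifscreds' "${1:-/etc/pam.d}" 2>/dev/null
}

# audit VERSION [PAM_DIR]
# Returns 0: version not affected
#         1: affected version, module not referenced (workaround in place)
#         2: affected version and module enabled
audit() {
    if ! is_affected_version "$1"; then
        echo "cifs-utils $1: not affected"
        return 0
    fi
    if pam_cifscreds_lines "${2:-/etc/pam.d}"; then
        echo "cifs-utils $1: affected, pam_cifscreds enabled in the lines above"
        return 2
    fi
    echo "cifs-utils $1: affected, pam_cifscreds not referenced; upgrade anyway"
    return 1
}
```

Call it as `audit "$installed_version"`, with the installed version taken from the package manager; a commented-out pam_cifscreds line is not reported as enabled.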