Date: Wed, 13 Sep 2000 18:06:29 +0200 (MEST)
From: Roman Drahtmueller <draht@suse.de>
Message-ID: <Pine.LNX.4.21.0009131805350.28586-100000@dent.suse.de>
Subject: SuSE Security Announcement: pam_smb

-----BEGIN PGP SIGNED MESSAGE----- 


______________________________________________________________________________ 


                        SuSE Security Announcement 


        Package: pam_smb 
        Date: Wednesday, September 13th, 2000 18:00 MEST 
        Affected SuSE versions: 6.2, 6.3, 6.4, 7.0 
        Vulnerability Type: remote root compromise 
        Severity (1-10): 8 
        SuSE default package: no 
        Other affected systems: Linux systems using the pam_smb module 


    Content of this advisory: 
        1) security vulnerability resolved: pam_smb 
           problem description, discussion, solution and upgrade information 
        2) pending vulnerabilities, solutions, workarounds 
        3) standard appendix (further information) 


______________________________________________________________________________ 


1) problem description, brief discussion, solution, upgrade information 


    pam_smb is a package for a PAM (Pluggable Authentication Modules) module 
    that allows Linux/Unix user authentication using a Windows NT server. 
    Versions 1.1.5 and before contain a buffer overflow that would allow 
    a remote attacker to gain root access on the target host, provided that 
    the target host has the module installed and configured. The bug was 
    found by Shaun Clowes <shaun@securereality.com.au>, and a new, fixed 
    version of the package was promptly published by Dave Airlie 
    <airlied@samba.org>, the author of the pam_smb package. 


    SuSE distributions starting with SuSE-6.2 have the package pam_smb 
    installed if a network server installation configuration has been 
    selected or if the package has been selected manually. To find out 
    if the PAM module is installed, use the command `rpm -q pam_smb'. 
    If the module package is not installed, your host does not exhibit 
    the weakness. 
    If you do not use the pam_smb module, you can safely remove it using the 
    command `rpm -e pam_smb'. SuSE provides update packages with the latest 
    version of pam_smb. If you do use the module, you should upgrade the 
    package as soon as possible. 
    There is currently no easy workaround for this problem other than a 
    package upgrade. 


    Download the update package from locations desribed below and install 
    the package with the command `rpm -Fhv file.rpm'. The md5sum for each 
    file is in the line below. You can verify the integrity of the rpm 
    files using the command 
        `rpm --checksig --nogpg file.rpm', 
    independently from the md5 signatures below. 



    i386 Intel Platform: 


    SuSE-7.0 
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/pam_smb-1.1.6-0.i386.rpm 
      b5f7c7d92f9f023446a6ca3e73689aee 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm 
      f56fa744add8ccdc9777f28475106148 


    SuSE-6.4 
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/pam_smb-1.1.6-0.i386.rpm 
      736c2fe5460724461b96d60b057bd4ab 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm 
      fcfa4609d7d62c6fb0e1f03652dcaf56 


    SuSE-6.3 
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/pam_smb-1.1.6-0.i386.rpm 
      d5559e6f3474adcc041f7f8156cde15d 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm 
      4fecea0bdf9db5c97d20e0c1e6153663 


    SuSE-6.2 
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/pam_smb-1.1.6-0.i386.rpm 
      73258171e7837d2995b39ebeeb3a87ff 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/pam_smb-1.1.6-0.src.rpm 
      f8f6f03f3c15f2f3c38f30bd97164919 




    Sparc Platform: 


    SuSE-7.0 
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/pam_smb-1.1.6-0.sparc.rpm 
      9514dd4d6b54208468f0b5aca6ac51e4 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm 
      22e8dc3e1b51a0f73e7451edd32dc824 




    AXP Alpha Platform: 


    SuSE-6.4 
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/pam_smb-1.1.6-0.alpha.rpm 
      58547d46f0d19a73f6df6dd60693379f 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm 
      5a14499e61e22607efd6f5a6700bf9f8 


    SuSE-6.3 
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/pam_smb-1.1.6-0.alpha.rpm 
      b507bcffe74723c5e950af141e17dce5 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm 
      f9e692675604c2e1fad3567b394e12d6 




    PPC Power PC Platform: 


    SuSE-6.4 
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/pam_smb-1.1.6-0.ppc.rpm 
      4a098a9308e93f207fa908f6febd7800 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm 
      7e13f60d71ecbda1fc4e3b3765a5ec35 


______________________________________________________________________________ 


2) Pending vulnerabilities in SuSE Distributions and Workarounds: 


     - zope 


        Zope is contained in SuSE-7.0, i386 Intel and Sparc Platforms only. 
        A permission problem can lead to users given extra roles for the 
        duration of a single request by mutating the roles list as a part 
        of the request processing. Please update the package from our ftp 
        server using the commands as described above in section 1). 


        Considering the moderate severity of the problem and the noise on 
        the security mailing lists, we do not provide a seperate security 
        advisory to address this problem. 


    i386 Intel Platform: 


    ftp://ftp.suse.com/pub/suse/i386/update/7.0/d2/zope-2.1.6-39.i386.rpm 
      472928c355c78c40973c01b9dc606adc 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/zope-2.1.6-39.src.rpm 
      9adbba630924b684458643f753d44832 



    Sparc Platform: 


    SuSE-7.0 
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d2/zope-2.1.6-45.sparc.rpm 
      89358a5217ca6bb3c778cc0f2173d3fb 
    source rpm: 
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/zope-2.1.6-45.src.rpm 
      9ce982884dc73e29bc60da3a00f3ab55 



     - xchat 


        The xchat IRC client may be tricked to execute arbitrary commands 
        if the user clicks on an URL. We will provide an update package 
        shortly. Please note that this kind of problem is rather common 
        and will be addressed soon in a future advisory for another package. 



     - IMP 


        IMP is a webmail application to allow users to read and write their 
        email in a browser. Security problems have been found that would 
        allow attackers to run arbitrary commands on the webserver running 
        IMP. 
        SuSE does not ship IMP or the Apache module "horde" that IMP is 
        based on. 
______________________________________________________________________________ 


3) standard appendix: 


    SuSE runs two security mailing lists to which any interested party may 
    subscribe: 


    suse-security@suse.com 
        - general/linux/SuSE security discussion. 
            All SuSE security announcements are sent to this list. 
            To subscribe, send an email to 
                <suse-security-subscribe@suse.com>. 


    suse-security-announce@suse.com 
        - SuSE's announce-only mailing list. 
            Only SuSE's security annoucements are sent to this list. 
            To subscribe, send an email to 
                <suse-security-announce-subscribe@suse.com>. 


    For general information or the frequently asked questions (faq) 
    send mail to: 
        <suse-security-info@suse.com> or 
        <suse-security-faq@suse.com> respectively. 


    =============================================== 
    SuSE's security contact is <security@suse.com>. 
    ===============================================