From security-announce@turbolinux.co.jp Fri Aug 29 14:04:50 2003
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Fri, 29 Aug 2003 22:42:09 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 29/Aug/2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement-only email list for the x86 architecture.

============================================================
Turbolinux Security Announcement 29/Aug/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) pam_smb -> Remote buffer overflow

===========================================================
* pam_smb -> Remote buffer overflow
===========================================================

 More information :
    pam_smb is a PAM (Pluggable Authentication Modules) module package
    that allows Linux/Unix user authentication using an external SMB server.
    The pam_smb module contains a remote buffer overflow that an attacker
    can exploit when pam_smb is configured to authenticate a remotely
    accessible service.
    However, the pam_smb module is not enabled by default.

 Impact :
    This vulnerability may allow a remote attacker to execute arbitrary code.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg tool to apply the update.

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 2116f2219a0b8e501dd1704e56840c72

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/pam_smb-1.1.7-1.i586.rpm
      32855 ef18328cb52dd2c231b4de5135f19aa7

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 7247030f22ce6786a4dfbb59d07a8b45

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/pam_smb-1.1.7-1.i586.rpm
      32824 870e43562adc2fdc5edff4b75a5f8d2a

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 164ec90895dc821aea2b29204dd9fba0

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/pam_smb-1.1.7-1.i586.rpm
      33561 bb26818f86013b3d1772421953f22e4d

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 5d2605b0d2a12110a4a807449c9de6f0

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/pam_smb-1.1.7-1.i586.rpm
      33561 a12d70c574925a74e1417938229f217a

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 127d44a9bf109136328f6e101fc5cc32

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/pam_smb-1.1.7-1.i386.rpm
      34631 c23bcb5667baecb1386da14ee5f8178b

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 4ebf902cc3470d1251c29df11542237b

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/pam_smb-1.1.7-1.i386.rpm
      34620 3165e04c4637955f965ba1553df3e53b

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 b4cea2063ab801fdbafa9bf19786072e

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/pam_smb-1.1.7-1.i386.rpm
      34631 b2274a657281d232d40650c45c2acc10

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/pam_smb-1.1.7-1.src.rpm
      69691 e387f1a7f136ffd5e50f521f7c828f58

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/pam_smb-1.1.7-1.i386.rpm
      34620 2ea1e114c727822b8ab4f1f2e9aa1974

 References :

 CVE
   [CAN-2003-0686]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0686

 --------------------------------------------------------------------------
 Revision History
    29 Aug 2003 Initial release
 --------------------------------------------------------------------------

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.

   http://www.turbolinux.com/download/zabom.html
   http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

   Here is the public key
   http://www.turbolinux.com/security/

 * To unsubscribe from the list

   If you ever want to remove yourself from this mailing list,
   you can send a message to with the word `unsubscribe' in the
   body (don't include the quotes).

     unsubscribe

 * To change your email address

   If you ever want to change email address in this mailing list,
   you can send a message to with the following command in the
   message body:

     chaddr 'old address' 'new address'

 If you have any questions or problems, please contact

 Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/T1g2K0LzjOqIJMwRAucWAJ4l3ZGoj/zTxkNhdcmusNQEnIV38gCfZmPp
yjq5H8M+uzuJWM7OwByZjLU=
=j+Pg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
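
Added example, not part of the Turbolinux announcement: the advisory states that pam_smb is exploitable where it is configured to authenticate a remotely accessible service and that it is not enabled by default, so this shell function lists the PAM services whose active configuration references a pam_smb module. It assumes the standard Linux-PAM layout (/etc/pam.d/<service> and the legacy /etc/pam.conf); the names scan_pam_file and pam_smb_services are hypothetical.

```sh
#!/bin/sh
# Added example (not from the advisory): report PAM services that load pam_smb.
# Assumed layout: /etc/pam.d/<service> lines are "type control module [args]";
# legacy /etc/pam.conf lines are "service type control module [args]".
# scan_pam_file and pam_smb_services are hypothetical helper names.

# Print "<service> <type> <module>" for each active line naming a pam_smb module.
scan_pam_file() {   # $1=file  $2=service name ("" = take it from column 1)
    awk -v name="$2" '
        BEGIN { first = (name == "") ? 2 : 1 }    # column holding the type
        { sub(/#.*/, "") }                        # commented-out lines do not count
        NF < first + 2 { next }                   # blank or incomplete line
        {
            svc = (name == "") ? $1 : name
            # Walk the columns after the type: the control may be a bracketed
            # list containing spaces, so the module is not at a fixed column.
            for (i = first + 1; i <= NF; i++)
                if ($i ~ /pam_smb/) { print svc, $first, $i; next }
        }' "$1"
}

pam_smb_services() {   # $1=pam.d directory  $2=legacy pam.conf
    pam_d=${1:-/etc/pam.d}
    pam_conf=${2:-/etc/pam.conf}
    if [ -d "$pam_d" ]; then
        for f in "$pam_d"/*; do
            [ -f "$f" ] && [ -r "$f" ] || continue
            scan_pam_file "$f" "$(basename "$f")"
        done
    fi
    # Linux-PAM ignores pam.conf when pam.d exists; it is listed anyway so
    # that stale entries are visible.
    if [ -f "$pam_conf" ] && [ -r "$pam_conf" ]; then
        scan_pam_file "$pam_conf" ""
    fi
    return 0
}

# No output means no service on this host authenticates through pam_smb.
pam_smb_services "$@"
```

Any service this prints that is also reachable over the network matches the exposure condition described in the announcement and should receive the pam_smb-1.1.7-1 update first.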