CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.8%
The pam_smb module contains a remotely exploitable buffer overflow vulnerability. This module is used to authenticate users using an external Server Message Block (SMB) server. A remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system.
The pam_smb module versions 1.1.6 and prior contain a remotely exploitable buffer overflow vulnerability in the processing of the password buffer. This module is used when a system is configured to authenticate users using an external Server Message Block (SMB) server.
An unauthenticated remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system.
This problem is reportedly resolved in version 1.1.7 of the pam_smb module. Upgrade, or apply the patches provided by your vendor.
680260
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 29, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.debian.org/security/2003/dsa-374>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23680260 Feedback>).
Updated: August 29, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <https://rhn.redhat.com/errata/RHSA-2003-261.html>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23680260 Feedback>).
Updated: August 29, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://us1.samba.org/samba/ftp/pam_smb/>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23680260 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
The Red Hat Security Team has recognized Dave Airlie of the Samba team for reporting this vulnerability.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2003-0686 |
---|---|
Severity Metric: | 8.44 Date Public: |