CVE-2000-0843
CVSS 10.0
Published: 2000-11-14 00:00:00
Last revised: 2008-09-05 16:22:00

[Original] Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name.


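[CNNVD] NT Authentication PAM Modules Buffer Overflow Vulnerability (CNNVD-200011-010)

        The pam_smb and pam_ntdom pluggable authentication modules (PAM) contain a buffer overflow vulnerability. A remote attacker can execute arbitrary commands via a login with an overly long user name.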
        

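- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may render the system completely unavailable]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]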

- CPE (affected platforms and products)

cpe:/a:luke_kenneth_casson_leighton:pam_ntdom:0.23    Samba pam_ntdom 0.23
cpe:/a:dave_airlie:pam_smb:1.1.5    Samba pam_smb 1.1.5

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0843
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0843
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200011-010
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/1666
(VENDOR_ADVISORY)  BID  1666
http://www.debian.org/security/2000/20000911
(VENDOR_ADVISORY)  DEBIAN  20000911 libpam-smb: remote root exploit
http://www.novell.com/linux/security/advisories/adv8_draht_pam_smb_txt.html
(UNKNOWN)  SUSE  20000913 pam_smb remotely exploitable buffer overflow
http://www.linux-mandrake.com/en/security/MDKSA-2000-047.php3
(UNKNOWN)  MANDRAKE  MDKSA-2000:047
http://archives.neohapsis.com/archives/bugtraq/2000-09/0114.html
(UNKNOWN)  BUGTRAQ  20000911 Conectiva Linux Security Announcement - pam_smb
http://archives.neohapsis.com/archives/bugtraq/2000-09/0073.html
(UNKNOWN)  BUGTRAQ  20000910 (SRADV00002) Remote root compromise through pam_smb and pam_ntdom

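- Vulnerability information

NT Authentication PAM Modules Buffer Overflow Vulnerability
Critical    Buffer overflow
2000-11-14 00:00:00 2005-10-20 00:00:00
Remote ※ Local
        The pam_smb and pam_ntdom pluggable authentication modules (PAM) contain a buffer overflow vulnerability. A remote attacker can execute arbitrary commands via a login with an overly long user name.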
        

- Advisories and patches

        This vulnerability has been fixed in the latest releases of both pam_smb and pam_ntdom.
        Conectiva has released updated RPMs.
        SuSE has released updated RPMs:
        i386 Intel Platform:
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/pam_smb-1.1.6-0.i386.rpm
         b5f7c7d92f9f023446a6ca3e73689aee
         source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm
         f56fa744add8ccdc9777f28475106148
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/pam_smb-1.1.6-0.i386.rpm
         736c2fe5460724461b96d60b057bd4ab
         source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm
         fcfa4609d7d62c6fb0e1f03652dcaf56
        SuSE-6.3
         ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/pam_smb-1.1.6-0.i386.rpm
         d5559e6f3474adcc041f7f8156cde15d
         source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm
         4fecea0bdf9db5c97d20e0c1e6153663
        SuSE-6.2
         ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/pam_smb-1.1.6-0.i386.rpm
         73258171e7837d2995b39ebeeb3a87ff
         source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/pam_smb-1.1.6-0.src.rpm
         f8f6f03f3c15f2f3c38f30bd97164919
        Sparc Platform:
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/pam_smb-1.1.6-0.sparc.rpm
         9514dd4d6b54208468f0b5aca6ac51e4
         source rpm:
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/pam_smb-1.1.6-0.src.rpm
         22e8dc3e1b51a0f73e7451edd32dc824
        AXP Alpha Platform:
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/pam_smb-1.1.6-0.alpha.rpm
         58547d46f0d19a73f6df6dd60693379f
         source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm
         5a14499e61e22607efd6f5a6700bf9f8
        SuSE-6.3
         ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/pam_smb-1.1.6-0.alpha.rpm
         b507bcffe74723c5e950af141e17dce5
         source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/pam_smb-1.1.6-0.src.rpm
         f9e692675604c2e1fad3567b394e12d6
        PPC Power PC Platform:
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/pam_smb-1.1.6-0.ppc.rpm
         4a098a9308e93f207fa908f6febd7800
         source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/pam_smb-1.1.6-0.src.rpm
         7e13f60d71ecbda1fc4e3b3765a5ec35
        Debian packages (from the Debian advisory):
        Debian GNU/Linux 2.2 alias potato
        ------------------------------------
        Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
         architectures. At this moment packages for m68k are not yet
         available. As soon as they are ready we will put them online and
         list them on the security pages at
        http://security.debian.org/.
        Source archives:
        http://security.debian.org/dists/stable/updates/main/source/libpam-smb_1.1.6-1.diff.gz
         MD5 checksum: 6105db037fe3503c04cba3e08150c448
        http://security.debian.org/dists/stable/updates/main/source/libpam-smb_1.1.6-1.dsc
         MD5 checksum: c83845843024a062c692c2c0d5887485
        http://security.debian.org/dists/stable/updates/main/source/libpam-smb_1.1.6.orig.tar.gz
         MD5 checksum: 7d18363b7ab932f852f670b4aeed1283
        Alpha architecture:
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libpam-smb_1.1.6-1_alpha.deb
         MD5 checksum: bc93244ff451f7c14e194d538eacef04
        ARM architecture:
        http://security.debian.org/dists/stable/updates/main/binary-arm/libpam-smb_1.1.6-1_arm.deb
         MD5 checksum: f2ae975ab2916376466d7a23bbc4dc66
        Intel ia32 architecture:
        http://security.debian.org/dists/stable/updates/main/binary-i386/libpam-smb_1.1.6-1_i386.deb
         MD5 checksum: c4e884fd29c7e726b85d636a8f22688c
        PowerPC architecture:
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libpam-smb_1.1.6-1_powerpc.deb
         MD5 checksum: cd4731e20045da27eac56a64b5feab63
        Sun Sparc architecture:
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libpam-smb_1.1.6-1_sparc.deb
         MD5 checksum: 71759e4ae9bfd4d1cc3788869084f10f
        Samba pam_ntdom 0.23
        
        Samba pam_smb 1.1.5
        

- Vulnerability information

416
pam_smb / pam_ntdom User Name Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2000-09-10 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

NT Authentication PAM Modules Buffer Overflow Vulnerability
Boundary Condition Error 1666
Yes Yes
2000-09-11 12:00:00 2009-07-11 02:56:00
This vulnerability was first reported in an advisory posted to Bugtraq on September 11, 2000 by Secure Reality Pty Ltd.

- Affected software versions

Samba pam_smb 1.1.5
+ Conectiva Linux 5.1
+ Debian Linux 2.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 alpha
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3 alpha
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.2
Samba pam_ntdom 0.23
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0
- Mandriva Linux Mandrake 6.0
Samba pam_smb 1.1.6
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0
Samba pam_ntdom 0.24
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0

- Unaffected software versions

Samba pam_smb 1.1.6
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0
Samba pam_ntdom 0.24
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0

- Vulnerability discussion

pam_smb and pam_ntdom are plug-in authentication modules that allow Unix users to authenticate against an NT domain controller. The pam_smb module contains a remotely exploitable buffer overflow vulnerability. pam_ntdom, which was derived from pam_smb, contains the same vulnerability. The problem results from long user names being copied into a 16-byte stack variable without bounds checking.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

This vulnerability has been fixed in the latest releases of both pam_smb and pam_ntdom.

Conectiva has released updated RPMs.


- Related references

 

 
