Date: Wed, 9 Apr 2014 15:12:30 +0200
From: Sebastian Krahmer <>
Subject: pam_cifscreds stack overflow


We are tracking a patch at:

which fixes an overflow in the cifskey.c (taken from
Linux CIFS VFS) as used in pam_cifscreds. I did not
check upstream length checking during their packet processing
but I doubt the same fixed max lengths also apply ad-hoc to
pam processing of user and password.



~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team
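
Added example, not part of the original message and not code from cifs-utils: a bounded way to combine a PAM-supplied user name and password into a fixed-size stack buffer, rejecting over-long input instead of trusting limits enforced elsewhere. The function name build_key_value, the "user:password" layout and the MAX_USER_LEN / MAX_PASS_LEN values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits for illustration; not taken from cifskey.c. */
#define MAX_USER_LEN 32
#define MAX_PASS_LEN 64
#define KEY_VAL_SIZE (MAX_USER_LEN + 1 + MAX_PASS_LEN + 1) /* user ':' pass NUL */

/* Build "user:password" into out (out_size bytes).
 * Returns the string length on success, -1 if an argument is NULL, an input
 * exceeds its limit, or the result would not fit. out is emptied on failure. */
int build_key_value(char *out, size_t out_size,
                    const char *user, const char *pass)
{
    int n;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (user == NULL || pass == NULL)
        return -1;

    /* Enforce the limits at the PAM boundary and reject rather than truncate:
     * a silently shortened password would be stored as a wrong credential. */
    if (strlen(user) > MAX_USER_LEN || strlen(pass) > MAX_PASS_LEN)
        return -1;

    /* snprintf never writes past out_size; the return value detects overflow. */
    n = snprintf(out, out_size, "%s:%s", user, pass);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char val[KEY_VAL_SIZE];   /* fixed-size stack buffer */
    char long_pass[256];      /* constructed over-long PAM input */

    memset(long_pass, 'A', sizeof(long_pass) - 1);
    long_pass[sizeof(long_pass) - 1] = '\0';

    printf("ok=%d\n", build_key_value(val, sizeof(val), "alice", "s3cret"));
    printf("long=%d\n", build_key_value(val, sizeof(val), "alice", long_pass));
    return 0;
}
```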
