Vulnerabilities > CVE-2000-0843 - Buffer Overflow vulnerability in NT Authentication PAM Modules
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Nessus
| NASL family | Gain a shell remotely |
| NASL id | PAM_SMB.NASL |
| description | The remote telnet server shuts the connection abruptly when given a long username followed by a password. Although Nessus could not be 100% positive, it may mean that the remote host is using an older pam_smb or pam_ntdom pluggable authentication module to validate user credentials against a NT domain. Older versions of these modules have a well known buffer overflow that could allow an intruder to execute arbitrary commands as root on this host. It may also mean that this telnet server is weak and crashes when issued a too long username, in this case this host is vulnerable to a similar flow. This may also be a false positive. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10517 |
| published | 2000-09-16 |
| reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10517 |
| title | pam_smb / pam_ntdom User Name Remote Overflow |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0073.html
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0114.html
- http://www.debian.org/security/2000/20000911
- http://www.linux-mandrake.com/en/security/MDKSA-2000-047.php3
- http://www.novell.com/linux/security/advisories/adv8_draht_pam_smb_txt.html
- http://www.securityfocus.com/bid/1666