Vulnerabilities > CVE-2003-0686
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 | |
| Application | 4 |
Exploit-Db
| description | Linux pam_lib_smb < 1.1.6 /bin/login Remote Exploit. CVE-2003-0686. Remote exploit for linux platform |
| id | EDB-ID:89 |
| last seen | 2016-01-31 |
| modified | 2003-08-29 |
| published | 2003-08-29 |
| reporter | vertex |
| source | https://www.exploit-db.com/download/89/ |
| title | Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_2BCD2D2424CA11D882E50020ED76EF5A.NASL description Applications utilizing pam_smb can be compromised by any user who can enter a password. In many cases, this is a remote root compromise. last seen 2020-06-01 modified 2020-06-02 plugin id 37495 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37495 title FreeBSD : Buffer overflow in pam_smb password handling (2bcd2d24-24ca-11d8-82e5-0020ed76ef5a) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-262.NASL description Updated pam_smb packages are now available which fix a security vulnerability (buffer overflow). The pam_smb module is a pluggable authentication module (PAM) used to authenticate users using an external Server Message Block (SMB) server. A buffer overflow vulnerability has been found that affects unpatched versions of pam_smb up to and including 1.1.6. On systems that use pam_smb and are configured to authenticate a remotely accessible service, an attacker can exploit this bug and remotely execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0686 to this issue. Red Hat Enterprise Linux contains a version of pam_smb that is vulnerable to this issue, however pam_smb is not enabled by default. Users of pam_smb are advised to upgrade to these erratum packages, which contain a patch to version 1.1.6 to correct this issue. Red Hat would like to thank Dave Airlie of the Samba team for notifying us of this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12417 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12417 title RHEL 2.1 : pam_smb (RHSA-2003:262) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-374.NASL description libpam-smb is a PAM authentication module which makes it possible to authenticate users against a password database managed by Samba or a Microsoft Windows server. If a long password is supplied, this can cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the process which invokes PAM services. last seen 2020-06-01 modified 2020-06-02 plugin id 15211 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15211 title Debian DSA-374-1 : libpam-smb - buffer overflow NASL family FreeBSD Local Security Checks NASL id FREEBSD_PAM_SMB_199_3.NASL description The following package needs to be updated: pam_smb last seen 2016-09-26 modified 2004-07-06 plugin id 12590 published 2004-07-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12590 title FreeBSD : Buffer overflow in pam_smb password handling (136)
Oval
| accepted | 2007-04-25T19:52:32.853-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| description | Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:469 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2003-09-05T12:00:00.000-04:00 | ||||||||||||
| title | Buffer Overflow in PAM SMB Module | ||||||||||||
| version | 36 |
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000734
- http://marc.info/?l=bugtraq&m=106252769930090&w=2
- http://secunia.com/advisories/9611
- http://us2.samba.org/samba/ftp/pam_smb/
- http://www.debian.org/security/2003/dsa-374
- http://www.kb.cert.org/vuls/id/680260
- http://www.redhat.com/support/errata/RHSA-2003-261.html
- http://www.redhat.com/support/errata/RHSA-2003-262.html
- http://www.turbolinux.com/security/TLSA-2003-50.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A469