CVE-2014-2830

Published: 31 March 2015

Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.

Priority

Medium

Status

Package: cifs-utils (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (2:6.4-1ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)

Patches:
Other: http://bugzillafiles.novell.org/attachment.cgi?id=585460
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.

Notes

Author: tyhicks
Note: pam_cifscreds was added in Xenial's 2:6.4-1ubuntu1.1 and pam_cifscreds was fixed upstream in 6.4

References