Security 10817 Published by

SuSE has released a Samba update for SuSE Linux 7.2, 7.3, 8.0, and 8.1



Samba developer Steve Langasek found a security problem in samba, the widely known free implementation of the SMB protocol.

The error consists of a buffer overflow in a commonly used routine that accepts user input and may write up to 127 bytes past the end of the buffer allocated with static length, leaving enough room for an exploit. The resulting vulnerability can be exploited locally in applications using the pam_smbpass Pluggable Authentication Module (PAM). It may be possible to exploit this vulnerability remotely, causing the running smbd to crash or even to execute arbitrary code.
Read more