Bug 1086224 (CVE-2014-2830)

Summary: CVE-2014-2830 cifs-utils: stack-based buffer overflow flaw in pam_cifscreds
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: asn, gdeschner, jkurik, jrusnack, pfrields, sbose, ssorce, steved
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-01-21 15:33:51 UTC
Bug Depends On: 1086226
Bug Blocks: 1086230

Description Murray McAllister 2014-04-10 12:04:56 UTC
Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifskey.c, which is used by pam_cifscreds.

A patch is available from the following: https://bugzilla.novell.com/show_bug.cgi?id=870168

References:
http://seclists.org/oss-sec/2014/q2/66

Comment 1 Murray McAllister 2014-04-10 12:06:09 UTC
Created cifs-utils tracking bugs for this issue:

Affects: fedora-all [bug 1086226]

Comment 6 Murray McAllister 2014-04-11 10:28:02 UTC
MITRE assigned CVE-2014-2830 to this issue:

http://seclists.org/oss-sec/2014/q2/96

Comment 7 Jeff Layton 2014-04-16 12:58:14 UTC
Ok, I merged Sebastian's patch (with a small modification).

I've proposed a couple of other patches to help fix up the error handling, including the case where the buffer would have been overrun. Assuming no one objects, I'll merge them in the next few days and we can get this package built for f20:

http://article.gmane.org/gmane.linux.kernel.cifs/9564
http://article.gmane.org/gmane.linux.kernel.cifs/9563