Bug 1086224 (CVE-2014-2830)
| Summary: | CVE-2014-2830 cifs-utils: stack-based buffer overflow flaw in pam_cifscreds | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | asn, gdeschner, jkurik, jrusnack, pfrields, sbose, ssorce, steved |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-01-21 15:33:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1086226 | | |
| Bug Blocks: | 1086230 | | |

Description
Murray McAllister
2014-04-10 12:04:56 UTC
Created cifs-utils tracking bugs for this issue:

Affects: fedora-all [bug 1086226]

MITRE assigned CVE-2014-2830 to this issue:

http://seclists.org/oss-sec/2014/q2/96

Ok, I merged Sebastian's patch (with a small modification). I've proposed a couple of other patches to help fix up the error handling, including the case where the buffer would have been overrun. Assuming no one objects, I'll merge them in the next few days and we can get this package built for f20:

http://article.gmane.org/gmane.linux.kernel.cifs/9564
http://article.gmane.org/gmane.linux.kernel.cifs/9563