CVE-2014-2830
Published: 31 March 2015
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.
Notes
Author | Note |
---|---|
tyhicks | pam_cifscreds was added in Xenial's 2:6.4-1ubuntu1.1 and pam_cifscreds was fixed upstream in 6.4 |
Priority
Status
Package | Release | Status |
---|---|---|
cifs-utils Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(2:6.4-1ubuntu1.1)
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
|
Patches: other: http://bugzillafiles.novell.org/attachment.cgi?id=585460 |
||
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. |