pam_smb / pam_ntdom User Name Remote Overflow

This script is Copyright (C) 2000-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that may be affected by a buffer
overflow vulnerability.

Description :

The remote telnet server shuts the connection abruptly when given a
long username followed by a password.

Although Nessus could not be 100% positive, it may mean that the
remote host is using an older pam_smb or pam_ntdom pluggable
authentication module to validate user credentials against a NT
domain.

Older versions of these modules have a well known buffer overflow that
could allow an intruder to execute arbitrary commands as root on this
host.

It may also mean that this telnet server is weak and crashes when
issued a too long username, in this case this host is vulnerable to a
similar flow.

This may also be a false positive.

Solution :

If pam_smb or pam_ntdom is being used on this host, be sure to
upgrade it to the newest non-devel version.

If the remote telnet server crashed, contact your vendor for a
patch.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)

Family: Gain a shell remotely

Nessus Plugin ID: 10517 ()

Bugtraq ID: 1666

CVE ID: CVE-2000-0843