GLSA-201612-08 : LinuxCIFS utils: Buffer overflow

Critical Nessus Plugin ID 95523


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-201612-08 (LinuxCIFS utils: Buffer overflow)

A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c in LinuxCIFS, as used in “pam_cifscreds.”

Impact :

A remote attacker could exploit this vulnerability to cause an unspecified impact.

Workaround :

Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo, LinuxCIFS utils’ PAM support is disabled by default unless the “pam” USE flag is enabled.


All LinuxCIFS utils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-fs/cifs-utils-6.4'

Plugin Details

Severity: Critical

ID: 95523

File Name: gentoo_GLSA-201612-08.nasl

Version: $Revision: 3.1 $

Type: local

Published: 2016/12/05

Modified: 2016/12/05

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:cifs-utils, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2016/12/04

Reference Information

CVE: CVE-2014-2830

GLSA: 201612-08