
Bug 552634 (CVE-2014-2830)

Summary: <net-fs/cifs-utils-6.4: Buffer overflow vulnerability (CVE-2014-2830)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: alex_y_xu, s390, samba, sh+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 14:12:54 UTC
CVE-2014-2830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2830):
  Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before
  6.4, as used in pam_cifscreds, allows remote attackers to have unspecified
  impact via unknown vectors.


Maintainers: please CC arch teams if 6.4 is ready for stabilization
Comment 1 Víctor Ostorga (RETIRED) gentoo-dev 2015-12-21 17:30:23 UTC
@arch_teams, please stabilize =net-fs/cifs-utils-6.4
Comment 2 Víctor Ostorga (RETIRED) gentoo-dev 2015-12-21 17:34:07 UTC
*** Bug 549198 has been marked as a duplicate of this bug. ***
Comment 3 Gabor Kovari 2015-12-22 14:14:31 UTC
amd64 : ok (builds, runs)
Comment 4 Agostino Sarubbo gentoo-dev 2015-12-24 20:12:42 UTC
amd64 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2015-12-25 11:16:19 UTC
Stable for HPPA PPC64.
Comment 6 Agostino Sarubbo gentoo-dev 2015-12-25 18:20:35 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-12-26 10:56:21 UTC
ppc stable
Comment 8 Markus Meier gentoo-dev 2016-01-07 20:18:42 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-01-09 07:11:15 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-01-10 10:41:32 UTC
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-01-11 09:07:52 UTC
ia64 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2016-02-25 07:14:02 UTC
Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2016-04-04 20:42:22 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 14 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-11 11:03:31 UTC
Please clean.
Comment 15 Lars Wendler (Polynomial-C) gentoo-dev 2016-06-11 12:18:38 UTC
commit aa17a42524f5b3a67e8565b9b333ff9206f0b625
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Jun 11 14:14:51 2016

    net-fs/cifs-utils: Security cleanup (bug 552634).

    Package-Manager: portage-2.2.28
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2016-12-04 11:03:13 UTC
This issue was resolved and addressed in
 GLSA 201612-08 at https://security.gentoo.org/glsa/201612-08
by GLSA coordinator Aaron Bauman (b-man).