Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 552634 (CVE-2014-2830) - <net-fs/cifs-utils-6.4: Buffer overflow vulnerability (CVE-2014-2830)
Summary: <net-fs/cifs-utils-6.4: Buffer overflow vulnerability (CVE-2014-2830)
Status: RESOLVED FIXED
Alias: CVE-2014-2830
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
: 549198 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-06-20 14:12 UTC by GLSAMaker/CVETool Bot
Modified: 2016-12-04 11:03 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 14:12:54 UTC 
CVE-2014-2830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2830):
  Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before
  6.4, as used in pam_cifscreds, allows remote attackers to have unspecified
  impact via unknown vectors.


Maintainers: please CC arch teams if 6.4 is ready for stabilization
Comment 1 Víctor Ostorga (RETIRED) gentoo-dev 2015-12-21 17:30:23 UTC 
@arch_teams , please stabilize =net-fs/cifs-utils-6.4
Comment 2 Víctor Ostorga (RETIRED) gentoo-dev 2015-12-21 17:34:07 UTC 
*** Bug 549198 has been marked as a duplicate of this bug. ***
Comment 3 Gabor Kovari 2015-12-22 14:14:31 UTC 
amd64 : ok (builds, runs)
Comment 4 Agostino Sarubbo gentoo-dev 2015-12-24 20:12:42 UTC 
amd64 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2015-12-25 11:16:19 UTC 
Stable for HPPA PPC64.
Comment 6 Agostino Sarubbo gentoo-dev 2015-12-25 18:20:35 UTC 
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-12-26 10:56:21 UTC 
ppc stable
Comment 8 Markus Meier gentoo-dev 2016-01-07 20:18:42 UTC 
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-01-09 07:11:15 UTC 
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-01-10 10:41:32 UTC 
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-01-11 09:07:52 UTC 
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2016-02-25 07:14:02 UTC 
Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2016-04-04 20:42:22 UTC 
Maintainer(s), please drop the vulnerable version(s).
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2016-06-11 11:03:31 UTC 
Please clean.
Comment 15 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-06-11 12:18:38 UTC 
commit aa17a42524f5b3a67e8565b9b333ff9206f0b625
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Jun 11 14:14:51 2016

    net-fs/cifs-utils: Security cleanup (bug 552634).

    Package-Manager: portage-2.2.28
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2016-12-04 11:03:13 UTC 
This issue was resolved and addressed in
 GLSA 201612-08 at https://security.gentoo.org/glsa/201612-08
by GLSA coordinator Aaron Bauman (b-man).