Synopsis
The remote host has an application that may be affected by a buffer overflow vulnerability.
Description
The remote telnet server shuts the connection abruptly when given a long username followed by a password.
Although Nessus could not be 100% positive, it may mean that the remote host is using an older pam_smb or pam_ntdom pluggable authentication module to validate user credentials against an NT domain.
Older versions of these modules have a well-known buffer overflow that could allow an intruder to execute arbitrary commands as root on this host.
It may also mean that this telnet server is weak and crashes when given an overly long username. In this case, this host is vulnerable to a similar flaw.
This may also be a false positive.
Solution
If pam_smb or pam_ntdom is being used on this host, be sure to upgrade it to the newest non-devel version.
If the remote telnet server crashed, contact your vendor for a patch.
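To confirm whether pam_smb or pam_ntdom is actually in use before upgrading, the host's PAM service files can be searched for the modules. The following is an added example, not part of the plugin or of either module's distribution; the module file names in the pattern and the sample configuration are assumptions.

```python
import re
from pathlib import Path

# Assumption: the modules are installed as pam_smb_auth.so / pam_ntdom_auth.so
# (or pam_smb.so / pam_ntdom.so). Adjust the pattern to match your packaging.
MODULE_RE = re.compile(r"^pam_(smb|ntdom)(_auth)?(\.so)?$")

def logical_lines(text):
    """Yield (first_line_no, line) with comments stripped and '\\' continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf = ""
    if buf.strip():  # file ended in the middle of a continuation
        yield start, buf.strip()

def find_modules(text, service):
    """Return (service, line_no, type, module) for each rule loading a flagged module."""
    hits = []
    for n, line in logical_lines(text):
        # Collapse a bracketed control field ([success=1 default=ignore]) into one token.
        fields = re.sub(r"\[[^\]]*\]", "[ctl]", line).split()
        if len(fields) < 3 or fields[0].startswith("@"):
            continue  # skip @include directives and malformed rules
        mtype, module = fields[0].lstrip("-"), fields[2]
        if MODULE_RE.match(Path(module).name):
            hits.append((service, n, mtype, module))
    return hits

def scan_pam_dir(pam_dir="/etc/pam.d"):
    files = sorted(p for p in Path(pam_dir).iterdir() if p.is_file())
    return [h for p in files for h in find_modules(p.read_text(errors="replace"), p.name)]

# Constructed sample of an /etc/pam.d/login file, not taken from a real host.
SAMPLE = """\
auth     required    pam_securetty.so
auth     sufficient  /lib/security/pam_smb_auth.so debug \\
                     nolocal
#auth    required    pam_ntdom_auth.so
auth     [success=1 default=ignore] pam_unix.so nullok
-session optional    pam_smbpass.so
"""
```

Run scan_pam_dir() on the host itself. Commented-out rules and the unrelated pam_smbpass module are not reported.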
Plugin Details
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: Settings/ParanoidReport
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 9/10/2000