|
Family: Gain root remotely --> Category: destructive_attack
pam_smb / pam_ntdom overflow Vulnerability Scan
Vulnerability Scan Summary Attempts to overflow the remote pam_smb
Detailed Explanation for this Vulnerability Test
The remote telnet server shut the connection abruptly when given
a long username followed by a password.
Although Nessus could not be 100% positive, it may mean that
the remote host is using an older pam_smb or pam_ntdom
pluggable authentication module to validate user credentials
against a NT domain.
Older version of these modules have a well documented buffer
overflow which may allow an intruder to execute arbitrary
commands as root on this host.
It may also mean that this telnet server is weak and crashes
when issued a too long username, in this case this host is
vulnerable to a similar flow.
This may also be a false positive.
Solution :
. if pam_smb or pam_ntdom is being used on this host, be sure to upgrade it
to the newest non-devel version.
. if the remote telnet server crashed, contact your vendor for a patch
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|