A vulnerability has been found in Samba. The vulnerability can be exploited locally in applications using the pam_smbpass Pluggable Authentication Module (PAM). It may be possible to exploit this vulnerability remotely, causing the running smbd to crash or even to execute arbitrary code.
The samba package is installed by default only on the SuSE Linux Enterprise Server. SuSE Linux products do not have the samba and samba-client packages installed by default. The samba packages in SuSE Linux version 7.1 and earlier are not affected by this vulnerability.
The samba subsystem on SuSE products is split into two different subpackages: samba and smbclnt up to and including SuSE Linux 7.2; on SuSE Linux 7.3 and newer, the package names are samba and samba-client. To remove the vulnerability, users are advised to update the installed packages.