[Bug 874469] Re: stack buffer overflow in pam_env
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Oct 24 19:22:23 UTC 2011
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/874469
Title:
stack buffer overflow in pam_env
Status in "pam" package in Ubuntu:
Fix Released
Bug description:
pam_env reads ~/.pam_environment by default. The routine that parses
this file does not correctly validate the size of leading whitespace,
and can overflow a character array on the stack. This is currently
caught by the stack protections on Ubuntu, but looks to be a more
serious problem on Debian which, prior to current unstable, doesn't
have pam built with stack protection.
Since this is a bug in a shared library, this will crash whatever is
running the code. Most pam-using applications use a separate process
for these calls, so the effects should be minimal on Ubuntu, but there
could be applications that don't deal well with the pam libraries
suddenly exploding.
To reproduce:
perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
perl -e 'print "A" x 256;' >> ~/.pam_environment
Logging in will be violently disabled:
*** stack smashing detected ***: sshd: kees [priv] terminated
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469/+subscriptions
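Added example, not part of the original bug report and not pam_env's code: a bounded assembler for backslash-continued lines in which leading whitespace is counted against the buffer like any other byte. The function names, the 1024-byte capacity used in main, and the sample input are assumptions made for illustration; the report does not give pam_env's actual buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not pam_env's code. Joins backslash-continued lines into
 * buf[cap]. `used` is both write offset and byte count, so leading whitespace
 * on a continuation line counts against cap. Returns length, or -1 if too long. */
int assemble_line(FILE *f, char *buf, size_t cap)
{
    size_t used = 0;
    for (;;) {
        size_t room = cap - used;              /* free bytes, NUL included */
        if (room < 2) return -1;
        buf[used] = '\0';
        if (!fgets(buf + used, (int)room, f)) return (int)used;   /* EOF */
        size_t n = strlen(buf + used);
        /* Space filled without reaching '\n': reject (conservative). */
        if (n == room - 1 && buf[used + n - 1] != '\n') return -1;
        size_t end = used + n;
        while (end > used && strchr(" \t\n", buf[end - 1])) end--;
        if (end > used && buf[end - 1] == '\\') { used = end - 1; continue; }
        buf[end] = '\0';
        return (int)end;
    }
}

/* Hypothetical helper: run assemble_line over a string via a temp file. */
int assemble_text(const char *text, char *buf, size_t cap)
{
    FILE *f = tmpfile();
    if (!f) return -2;
    fputs(text, f);
    rewind(f);
    int r = assemble_line(f, buf, cap);
    fclose(f);
    return r;
}

/* Constructed input shaped like the report's reproducer, with a newline after
 * each backslash so every chunk is a whitespace-led continuation line. */
int reproducer_result(size_t cap)
{
    static char text[2048], out[2048];         /* text stays NUL-terminated */
    for (size_t o = 0; o < 4 * 258; o += 258) {
        memset(text + o, ' ', 256);
        memcpy(text + o + 256, "\\\n", 2);
    }
    memset(text + 4 * 258, 'A', 256);
    return assemble_text(text, out, cap < sizeof out ? cap : sizeof out);
}
int main(void) { printf("%d\n", reproducer_result(1024)); return 0; }
```

A caller treats -1 as a malformed file and skips it rather than continuing with a truncated line.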