*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
pam_env reads ~/.pam_environment by default. The routine that parses
this file does not correctly validate the size of leading whitespace,
and can overflow a character array on the stack. This is currently
caught by the stack protections on Ubuntu, but looks to be a more
serious problem on Debian which, prior to current unstable, doesn't have
pam built with stack protection.

Since this is a bug in a shared library, this will crash whatever is
running the code. Most pam-using applications use a separate process for
these calls, so the effects should be minimal on Ubuntu, but there could
be applications that don't deal well with the pam libraries suddenly
exploding.

To reproduce:

    perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
    perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
    perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
    perl -e 'print " " x 256, "\\";' >> ~/.pam_environment
    perl -e 'print "A" x 256;' >> ~/.pam_environment

Logging in will be violently disabled:

    *** stack smashing detected ***: sshd: kees [priv] terminated

** Affects: pam (Ubuntu)
Importance: Undecided
Status: Fix Released
--
stack buffer overflow in pam_env
https://bugs.launchpad.net/bugs/874469
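
The report says the parsing routine does not correctly validate the size of leading whitespace before writing into a stack buffer. As an added illustration (not pam_env's code and not the fix that was released; `assemble_line`, `assemble_from_string` and the 64-byte demo buffer are assumptions of this example), here is a line assembler that derives the remaining space from its write position and rejects lines that do not fit:

```c
#include <stdio.h>
#include <string.h>

/* Added example, not pam_env's code. Reads one logical line into
 * buf[buf_len]: leading blanks of each physical line are dropped and a
 * trailing backslash joins the next line. Returns the length (0 at
 * EOF), or -1 if the line does not fit. */
int assemble_line(FILE *f, char *buf, size_t buf_len)
{
    char *p = buf;                               /* next write position */
    if (buf_len == 0) return -1;
    *p = '\0';
    for (;;) {
        /* Space left comes from the write position itself, so bytes
         * that were skipped or trimmed can never be miscounted. */
        size_t room = buf_len - (size_t)(p - buf);
        if (room < 2) return -1;
        if (fgets(p, (int)room, f) == NULL) break;
        size_t n = strlen(p);
        /* Buffer filled before a newline: physical line too long.
         * Conservative: also rejects an exact fit at end of file. */
        if (n == room - 1 && p[n - 1] != '\n') return -1;
        size_t lead = strspn(p, " \t");
        memmove(p, p + lead, n - lead + 1);      /* drop leading blanks */
        n -= lead;
        while (n > 0 && strchr(" \t\n", p[n - 1])) p[--n] = '\0';
        if (n == 0 || p[n - 1] != '\\') { p += n; break; }
        p[--n] = '\0';                           /* continuation: keep reading */
        p += n;
    }
    return (int)(p - buf);
}

/* Demo helper (assumption of this example): run assemble_line over a
 * constructed string held in a temporary file; returns the assembled
 * line, or NULL on error or when the line was rejected. */
const char *assemble_from_string(const char *text, size_t buf_len)
{
    static char out[64];
    if (buf_len > sizeof out) return NULL;
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(text, f);
    rewind(f);
    int r = assemble_line(f, out, buf_len);
    fclose(f);
    return r < 0 ? NULL : out;
}
```

Because the bound is recomputed from `p` on every pass, padded continuation lines either fit after trimming or are refused, and nothing is ever written past `buf + buf_len`.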