Public bug reported: 64 bit Ubuntu 10.04.3 LTS login version 1:4.1.4.2-1ubuntu2.2
Steps to reproduce: 1. Invoke su. (What options and username are given, if any, doesn't seem to matter). 2. When prompted for a password, hit Ctrl-D without typing any other characters first. Expected results: su should handle Ctrl-D however it was designed to handle it without segfaulting. I had accidentally invoked su and subconsciously expected su to treat Ctrl-D as end of input and terminate (as cat or a shell would). Actual results: su terminates with a segfault. ----------------------------------------------------------------- I am not sure whether to check the "This bug is a security vulnerability box". I will leave it unchecked as I'm uncertain what the criteria are for classifying a bug as a security vulnerability and as I have not observed this bug to allow a privileged login without a password, but it seems that a segfault in a program that deals with passwords, especially while handling passwords, is at least a potential vulnerability. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: login 1:4.1.4.2-1ubuntu2.2 ProcVersionSignature: Ubuntu 2.6.32-25.44-generic 2.6.32.21+drm33.7 Uname: Linux 2.6.32.41+drm33.18-jwb x86_64 NonfreeKernelModules: nvidia Architecture: amd64 Date: Fri Jan 6 23:49:12 2012 ProcEnviron: LANGUAGE=en_US:en PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/zsh SourcePackage: shadow ** Affects: shadow (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug lucid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/913029 Title: su segfaults when Ctrl-D is entered as the first charachter in response to the password prompt To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/913029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs