Linux-PAM 1.2.1 released
Thorsten Kukuk
kukuk at suse.de
Thu Jun 25 16:19:56 UTC 2015
Hello,
Due to a security problem found in Linux-PAM, we released a
new version today: 1.2.1
The only change compared with 1.2.0 is the security fix for CVE-2015-3238:
If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
We would like to thank Sebastien Macke of Trustwave SpiderLabs for
the original bug report and Red Hat security response team for
forwarding this issue.
--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the Pam-list
mailing list