/usr/bin/passwd crashes with a segmentation fault if given null input
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pam (Debian) | Fix Released | Unknown | |
pam (Ubuntu) | Fix Released | Undecided | Colin Watson |
Bug Description
Binary package hint: passwd
While changing my password, I hit CTRL-D at one of the inputs, and the program crashed after all password prompts had been cleared:
$ passwd
Changing password for ashridah
(current) UNIX password: <password as normal>
Enter new UNIX password: <enter ctrl-d instead of new password>
Retype new UNIX password: <enter anything>
Segmentation fault
This is easily repeatable, but only if ctrl-d is used for the first new password prompt. Entering ctrl-d for the second new password prompt fails as normal.
It doesn't appear to be much of a security issue, however, as passwd doesn't leave a core file or any other means to exploit it as it's setuid, but it probably should be checked carefully just in case.
Andrew
Changed in pam: status: Unknown → Fix Released
tags 338810 upstream
thanks
I can reproduce this bug about entering Ctrl-D when prompted for a new
password by passwd.
This bug did not happen with the sarge version of passwd:
spongebob@mykerinos:~$ passwd
Changing password for spongebob
(current) UNIX password:
Enter new UNIX password: ^D
Retype new UNIX password: ^D
Erreur de segmentation
Sarge:
bubulle@kheops:~$ passwd
Changing password for bubulle
(current) UNIX password:
Enter new UNIX password: ^D
Retype new UNIX password: ^D
No password supplied
--
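An added example, not code from passwd or PAM: the report does not state the root cause, so this assumes the usual pattern in which a prompt helper returns NULL at end-of-file (Ctrl-D) and the caller has to check for that before comparing the two answers. The names `read_secret`, `check_new_password` and `pw_result` are hypothetical; the "No password supplied" message mirrors the sarge behaviour quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum pw_result { PW_OK, PW_NO_PASSWORD, PW_MISMATCH };

/* Read one answer into buf. Returns buf, or NULL at end-of-file, which is
 * what Ctrl-D on an empty line produces. The caller must handle NULL.
 * Terminal echo is left on; this example is only about the NULL case. */
static char *read_secret(FILE *in, char *buf, size_t len)
{
    if (fgets(buf, (int)len, in) == NULL) {
        clearerr(in);   /* let the next prompt read the terminal again */
        return NULL;
    }
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Compare the two answers. Either may be NULL, so both are checked
 * before strcmp() dereferences them. */
enum pw_result check_new_password(const char *first, const char *second)
{
    if (first == NULL || second == NULL || first[0] == '\0')
        return PW_NO_PASSWORD;
    if (strcmp(first, second) != 0)
        return PW_MISMATCH;
    return PW_OK;
}

int main(void)
{
    static const char *const msg[] = {
        "password accepted", "No password supplied", "passwords do not match"
    };
    char a[256], b[256];

    fputs("Enter new password: ", stderr);
    char *first = read_secret(stdin, a, sizeof a);
    fputs("Retype new password: ", stderr);
    char *second = read_secret(stdin, b, sizeof b);

    enum pw_result rc = check_new_password(first, second);
    printf("\n%s\n", msg[rc]);
    return rc == PW_OK ? 0 : 1;
}
```

Pressing Ctrl-D at the first prompt and typing anything at the second, the sequence from the report, ends with "No password supplied" rather than a crash.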