2022-02-19 01:32:08 |
Seth Arnold |
bug |
|
|
added bug |
2022-02-19 01:32:19 |
Seth Arnold |
bug |
|
|
added subscriber Didier Roche |
2022-02-21 09:56:25 |
Didier Roche-Tolomelli |
bug |
|
|
added subscriber Jean-Baptiste Lallement |
2022-02-23 01:30:16 |
Seth Arnold |
information type |
Private Security |
Public |
|
2022-02-23 02:19:10 |
Seth Arnold |
bug watch added |
|
https://github.com/linux-pam/linux-pam/issues/444 |
|
2022-03-08 10:20:45 |
Didier Roche-Tolomelli |
adsys (Ubuntu): status |
New |
Fix Committed |
|
2022-03-08 15:39:04 |
Launchpad Janitor |
adsys (Ubuntu): status |
Fix Committed |
Fix Released |
|
2022-06-08 08:12:56 |
Didier Roche-Tolomelli |
nominated for series |
|
Ubuntu Focal |
|
2022-06-08 08:12:56 |
Didier Roche-Tolomelli |
bug task added |
|
adsys (Ubuntu Focal) |
|
2022-06-08 13:41:48 |
Didier Roche-Tolomelli |
description |
These may not be security issues but it's possible I overlooked something; since they live in a security boundary I thought it worth reporting with a bit of hassle. If you'd rather work on this in the open, feel free to open this.
pam_adsys.c update_policy() arggv leak in fork() failure
pam_adsys.c update_machine_policy() arggv leak in fork() failure
pam_adsys.c update_machine_policy() -- status != 0 looks like it ought to
work but I don't think that's how that API is supposed to be used
pam_adsys.c pam_sm_open_session() -- gethostname() indentation is funny
Thanks |
[Impact]
Memory leaks in adsys pam modules.
[Test Plan]
1. Install SRU version of adsys
2. Login as an user
3. Ensure that you can still login successfully.
[Where problems could occur]
Login can be disabled due to the PAM module crashing. There is only one code path leading to that, so easy to detect.
--------------
These may not be security issues but it's possible I overlooked something; since they live in a security boundary I thought it worth reporting with a bit of hassle. If you'd rather work on this in the open, feel free to open this.
pam_adsys.c update_policy() arggv leak in fork() failure
pam_adsys.c update_machine_policy() arggv leak in fork() failure
pam_adsys.c update_machine_policy() -- status != 0 looks like it ought to
work but I don't think that's how that API is supposed to be used
pam_adsys.c pam_sm_open_session() -- gethostname() indentation is funny
Thanks |
|
2022-06-08 13:41:57 |
Didier Roche-Tolomelli |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-09-21 09:44:37 |
Łukasz Zemczak |
adsys (Ubuntu Focal): status |
New |
Fix Committed |
|
2022-09-21 09:44:38 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2022-09-21 09:44:41 |
Łukasz Zemczak |
tags |
|
verification-needed verification-needed-focal |
|
2022-09-26 14:22:43 |
Jean-Baptiste Lallement |
tags |
verification-needed verification-needed-focal |
verification-done verification-done-focal |
|
2022-10-05 01:28:37 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-10-05 01:36:03 |
Launchpad Janitor |
adsys (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|