100% CPU utilitization in pam_env parsing
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| pam (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
The pam_env variable expansion routine does not correctly abort under some situations when expending variable names. This triggers 100% CPU use and syslog flooding.
To reproduce:
cat <<EOM >~/.pam_environment
EVIL_FILLER_255 DEFAULT=
EVIL_FILLER_256 DEFAULT=
EVIL_FILLER_1024 DEFAULT=
EVIL_FILLER_8191 DEFAULT=
EVIL_OVERFLOW_DOS DEFAULT=
EOM
This will trigger CPU usage for whatever process runs the PAM stack. For example, to make root run away, run "su - $USER" and correctly authenticate.
| Changed in pam (Ubuntu): | |
| status: | New → Triaged |
| visibility: | private → public |
| visibility: | private → public |

Please use CVE-2011-3149