100% CPU utilitization in pam_env parsing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The pam_env variable expansion routine does not correctly abort under some situations when expending variable names. This triggers 100% CPU use and syslog flooding.
To reproduce:
cat <<EOM >~/.pam_environment
EVIL_FILLER_255 DEFAULT=
EVIL_FILLER_256 DEFAULT=
EVIL_FILLER_1024 DEFAULT=
EVIL_FILLER_8191 DEFAULT=
EVIL_OVERFLOW_DOS DEFAULT=
EOM
This will trigger CPU usage for whatever process runs the PAM stack. For example, to make root run away, run "su - $USER" and correctly authenticate.
Changed in pam (Ubuntu): | |
status: | New → Triaged |
visibility: | private → public |
visibility: | private → public |
Please use CVE-2011-3149