Ubuntu

Double free security issue

Reported by Marc Deslauriers on 2012-03-07
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-pam (Ubuntu)
Medium
Marc Deslauriers
Lucid
Medium
Marc Deslauriers
Maverick
Medium
Marc Deslauriers
Natty
Medium
Marc Deslauriers
Oneiric
Medium
Marc Deslauriers
Precise
Medium
Marc Deslauriers

Bug Description

LSE discovered that by supplying a password containing a NULL-byte to the PyPAM module, a double-free condition is triggered. This leads to undefined behaviour and may allow remote code execution.

Changed in python-pam (Ubuntu Lucid):
status: New → Confirmed
Changed in python-pam (Ubuntu Maverick):
status: New → Confirmed
Changed in python-pam (Ubuntu Natty):
status: New → Confirmed
Changed in python-pam (Ubuntu Oneiric):
status: New → Confirmed
Changed in python-pam (Ubuntu Precise):
status: New → Confirmed
Changed in python-pam (Ubuntu Lucid):
importance: Undecided → Medium
Changed in python-pam (Ubuntu Maverick):
importance: Undecided → Medium
Changed in python-pam (Ubuntu Natty):
importance: Undecided → Medium
Changed in python-pam (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in python-pam (Ubuntu Precise):
importance: Undecided → Medium
Changed in python-pam (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-pam (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-pam (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-pam (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-pam (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-pam - 0.4.2-12.2ubuntu4

---------------
python-pam (0.4.2-12.2ubuntu4) precise; urgency=low

  * SECURITY UPDATE: possible code execution via double-free (LP: #949218)
    - PAMmodule.c: prevent double free in PyPAM_conv().
    - Thanks to Markus Vervier for the notification and the patch.
    - CVE-2012-1502
 -- Marc Deslauriers <email address hidden> Thu, 08 Mar 2012 08:06:43 -0500

Changed in python-pam (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-pam - 0.4.2-12.2ubuntu2.11.10.1

---------------
python-pam (0.4.2-12.2ubuntu2.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: possible code execution via double-free (LP: #949218)
    - PAMmodule.c: prevent double free in PyPAM_conv().
    - Thanks to Markus Vervier for the notification and the patch.
    - CVE-2012-1502
 -- Marc Deslauriers <email address hidden> Thu, 08 Mar 2012 08:07:00 -0500

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-pam - 0.4.2-12.2ubuntu2.11.04.1

---------------
python-pam (0.4.2-12.2ubuntu2.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: possible code execution via double-free (LP: #949218)
    - PAMmodule.c: prevent double free in PyPAM_conv().
    - Thanks to Markus Vervier for the notification and the patch.
    - CVE-2012-1502
 -- Marc Deslauriers <email address hidden> Thu, 08 Mar 2012 08:05:24 -0500

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-pam - 0.4.2-12.1ubuntu1.10.10.1

---------------
python-pam (0.4.2-12.1ubuntu1.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: possible code execution via double-free (LP: #949218)
    - PAMmodule.c: prevent double free in PyPAM_conv().
    - Thanks to Markus Vervier for the notification and the patch.
    - CVE-2012-1502
 -- Marc Deslauriers <email address hidden> Thu, 08 Mar 2012 09:11:03 -0500

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-pam - 0.4.2-12.1ubuntu1.10.04.1

---------------
python-pam (0.4.2-12.1ubuntu1.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: possible code execution via double-free (LP: #949218)
    - PAMmodule.c: prevent double free in PyPAM_conv().
    - Thanks to Markus Vervier for the notification and the patch.
    - CVE-2012-1502
 -- Marc Deslauriers <email address hidden> Thu, 08 Mar 2012 09:42:55 -0500

Changed in python-pam (Ubuntu Lucid):
status: Confirmed → Fix Released
Changed in python-pam (Ubuntu Maverick):
status: Confirmed → Fix Released
Changed in python-pam (Ubuntu Natty):
status: Confirmed → Fix Released
Changed in python-pam (Ubuntu Oneiric):
status: Confirmed → Fix Released
visibility: private → public
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers