<Ctrl+C> might allow to bypass authentication
Bug #242690 reported by
Thierry Carrez
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam-pgsql (Debian) |
Fix Released
|
Unknown
|
|||
pam-pgsql (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Gutsy |
Fix Released
|
High
|
Unassigned | ||
Hardy |
Fix Released
|
High
|
Unassigned | ||
Intrepid |
Fix Released
|
High
|
Unassigned |
Bug Description
CVE-2008-2516
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.
Affected : gutsy, hardy, intrepid
Fixed in Debian 0.6.3-2, I'm working on a fakesync (our orig.tar.gz is borken)
CVE References
Changed in pam-pgsql: | |
status: | Unknown → Fix Released |
Changed in pam-pgsql: | |
status: | Triaged → Fix Committed |
status: | Triaged → Fix Committed |
Changed in pam-pgsql: | |
status: | Triaged → Fix Committed |
Changed in pam-pgsql: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
The minimal fix, for the record (and learning).