oss-sec mailing list archives
CVE id request: libpam-pgsql
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sat, 24 May 2008 22:37:45 +0200
Hi,
it was discovered that a programming error in libpam-pgsql (value always being evaluated as true because of a missing bracket) enables an attacker to get root access for example by pressing ctrl-c after calling sudo. This change was introduced somewhere between version 0.5.2 and 0.6.2 (maybe earlier).

This is Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970

Note: this only leads to direct root access if the authentication using this pam module is configured as sufficient.

Patch:

Index: pam-pgsql-0.6.3/pam_pgsql.c =================================================================== --- pam-pgsql-0.6.3.orig/pam_pgsql.c 2008-05-24 19:37:21.000000000 +0200 +++ pam-pgsql-0.6.3/pam_pgsql.c 2008-05-24 19:43:17.000000000 +0200 @@ -583,7 +583,7 @@ if ((rc = pam_get_user(pamh, &user, NULL)) == PAM_SUCCESS) { if ((rc = get_module_options(argc, argv, &options)) == PAM_SUCCESS) { DBGLOG("attempting to authenticate: %s", user); - if ((rc = pam_get_pass(pamh, PAM_AUTHTOK, &password, PASSWORD_PROMPT, options->std_flags) == PAM_SUCCESS)) { + if ((rc = pam_get_pass(pamh, PAM_AUTHTOK, &password, PASSWORD_PROMPT, options->std_flags)) == PAM_SUCCESS) { if ((rc = auth_verify_password(pam_get_service(pamh), user, password, rhost, options)) == PAM_SUCCESS) { if ((password == 0 || *password == 0) && (flags & PAM_DISALLOW_NULL_AUTHTOK)) { rc = PAM_AUTH_ERR;

Can I get a CVE id for this one please?

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
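
Review bot: The corrected pam_get_pass line keeps the assign-inside-the-condition form that hid the misplaced bracket, and the three neighbouring calls in this hunk (pam_get_user, get_module_options, auth_verify_password) use it too; I would split each into a plain `rc = pam_get_pass(...);` followed by `if (rc == PAM_SUCCESS)` so a stray parenthesis cannot turn rc into the result of the comparison again. With the old bracket placement rc held 0 or 1 rather than the PAM return code, and since PAM_SUCCESS is 0 in Linux-PAM, a failed or interrupted prompt left rc equal to PAM_SUCCESS. The code after this block is not visible here, so it is also worth confirming that the function only returns rc after it has been set from a real PAM result on every path.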