[v3.0] Linux-PAM: security issue in the pam_unix module (CVE-2015-3238)
Due to a security problem found in Linux-PAM, we released a
new version today: 1.2.1
The only change compared with 1.2.0 is the security fix for
CVE-2015-3238:
If the process executing the pam_sm_authenticate or pam_sm_chauthtok
method of pam_unix is not privileged enough to check the password, e.g.
if SELinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
Reference:
https://www.redhat.com/archives/pam-list/2015-June/msg00001.html
https://security-tracker.debian.org/tracker/CVE-2015-3238
(from redmine: issue id 4389, created on 2015-06-26, closed on 2017-09-05)
- Relations:
- parent #4387
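
An added example (not code from Linux-PAM or from this issue): a C sketch of the pipe behaviour behind the hang and of the length cap the advisory describes. `pipe_capacity`, `send_password_bounded` and `demo_send` are hypothetical names, the password bytes are constructed, and `PAM_MAX_RESP_SIZE` is defined locally with the 512-byte value stated above.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PAM_MAX_RESP_SIZE 512 /* value stated in the advisory */
/* Bytes a pipe accepts with no reader. The write end is made non-blocking,
 * so a full pipe returns EAGAIN instead of blocking forever. */
static long pipe_capacity(void)
{
    int fds[2];
    char chunk[256] = {0};
    long total = 0;
    ssize_t n;
    if (pipe(fds) != 0)
        return -1;
    fcntl(fds[1], F_SETFL, fcntl(fds[1], F_GETFL) | O_NONBLOCK);
    while ((n = write(fds[1], chunk, sizeof(chunk))) > 0)
        total += n;
    close(fds[0]); close(fds[1]);
    return total;
}

/* Hypothetical sender: clamp the length so the payload always fits in the
 * pipe and a blocking write(2) cannot stall. Returns bytes written or -1. */
static ssize_t send_password_bounded(int fd, const char *pw, size_t len)
{
    if (len > PAM_MAX_RESP_SIZE)
        len = PAM_MAX_RESP_SIZE;
    return write(fd, pw, len);
}

/* Send a constructed `len`-byte password into a blocking pipe nobody reads. */
static ssize_t demo_send(size_t len)
{
    static char pw[70000];
    int fds[2];
    ssize_t n;
    if (len > sizeof(pw) || pipe(fds) != 0)
        return -1;
    memset(pw, 'x', len);
    n = send_password_bounded(fds[1], pw, len);
    close(fds[0]); close(fds[1]);
    return n;
}

int main(void)
{
    printf("capacity: %ld bytes; 65536-byte input wrote %zd bytes\n",
           pipe_capacity(), demo_send(65536));
    return 0;
}
```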