Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Nov 2014 15:47:49 +0100
From: Andreas Barth <aba@...us.org>
To: oss-security@...ts.openwall.com
Cc: 742140@...s.debian.org
Subject: Re: Bug#742140: libpam-oath: PAM module does not check whether
	strdup allocations succeeded

Hi,

we have the following debian bug report about an security isuse in
libpam-oath (source oath-toolkit, upstream web page
http://www.nongnu.org/oath-toolkit/ ).

What is the appropriate process to get an CVE number on it? This issue
is already public, as it is documented in the debian bug tracking
system.


Andi

* Eero Häkkinen (eero17@...foot.com) [141106 14:31]:
> Package: libpam-oath
> Version: 2.0.2-2
> Severity: grave
> Tags: security upstream patch
> 
> The OATH Toolkit PAM module does not check whether strdup allocations 
> succeeded. This may result in null pointer dereference and application 
> crash.
> 
> Depending on the use of the PAM module, this may be remotely exploitable.

> diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
> index 8379358..e2d3363 100644
> --- a/pam_oath/pam_oath.c
> +++ b/pam_oath/pam_oath.c
> @@ -146,6 +146,12 @@ pam_sm_authenticate (pam_handle_t * pamh,
>    char *query_prompt = NULL;
>    char *onlypasswd = strdup ("");	/* empty passwords never match */
>  
> +  if (!onlypasswd)
> +    {
> +      retval = PAM_BUF_ERR;
> +      goto done;
> +    }
> +
>    parse_cfg (flags, argc, argv, &cfg);
>  
>    retval = pam_get_user (pamh, &user, NULL);
> @@ -265,6 +271,11 @@ pam_sm_authenticate (pam_handle_t * pamh,
>      {
>        free (onlypasswd);
>        onlypasswd = strdup (password);
> +      if (!onlypasswd)
> +        {
> +          retval = PAM_BUF_ERR;
> +          goto done;
> +        }
>  
>        /* user entered their system password followed by generated OTP? */
>  

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ