Date: Fri, 05 Jul 2013 18:25:03 +0000 From: "mancha" <mancha1@...h.com> To: oss-security@...ts.openwall.com Subject: NULL pointer dereferences; multiple issues At the suggestion of Marcus Meissner from OpenSUSE, I am posting here. --- Background: Beginning with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/ NULL return) if the salt violates specifications. Additionally, on FIPS-140 enabled Linux systems, DES or MD5 encrypted passwords passed to crypt() fail with EPERM (w/ NULL return). --- A project of mine, which began with helping the Slackware Linux team patch their Shadow tools suite to properly handle possible NULL returns from glibc 2.17+ crypt(), has since evolved into a larger project where I have been working with developers to introduce needed protections to prevent crypt() NULL pointer dereference situations. So far the list includes: cvs, gdm, KDE/kdm, KDE/kcheckpass, shadow-tools, slim, tcsh, Xorg/xdm, and yp-tools. My policy has been to make public my fixes once upstream developers had a chance to commit fixes. The only exceptions are: cvs (inactive project), shadow-tools (Christian Perrier let me know Shadow-tools development is temporarily halted), and yp-tools (I have been repeatedly unable to contact Thorsten Kukuk). The gdm 2.20.11 fix was not shared with Gnome because gdm, as of 2.21, no longer supports non-PAM authentication. The security implications of these issues vary in nature and severity. So far, only xdm has an associated CVE: CVE-2013-2179. My progress is being documented in Slackware's de facto bug & discussion forum (linuxquestions.org). You can view thread here: https://www.linuxquestions.org/questions/slackware-14/%5Bslackware- current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/ Finally, I am placing patch files along with a signed digest file in a sourceforge project: https://sourceforge.net/projects/miscellaneouspa/files/glibc217/ Cheers, --mancha P.S. I was not involved with the fixes for screen, ppp, dropbear, and popa3d. I documented the upstream fixes, however, for Slackware's benefit. == PGP Key ID: 0xB5ABF4FFF7048E92 Key fingerprint = 7F1F E9BF 77CF 15AC 8F6B C934 B5AB F4FF F704 8E92 ==
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.