Bug#153915: Bug still present in Debian 5.0.4
Roman Medina-Heigl Hernandez
roman at rs-labs.com
Fri Mar 5 10:13:49 UTC 2010
Hello,

Same problem here in an up-to-date Debian stable (5.0.4 with all security
fixes, etc).

I surfed the web googling for more info and I could hear about the same
problem reported in different forums, etc (there are several bug-ids in
Debian bug-tracking system, for instance). It's not clear whether the
problem is caused by saslauthd, libpam or any of the pam modules
(pam-mysql, mainly). But it's clear that "something" is leaking memory.

The only workaround I've found was to restart the saslauthd service
periodically (via cron). There is another workaround ("-n 0" switch) which
I didn't test, since it would not be acceptable (IMHO) due to performance
problems.

This bug can be abused to cause a DoS (server crash due to being out of
memory), so it has a security impact.

Bug reports of this bug arise from 2006 or earlier; incredibly it's NOT
fixed yet (we're in 2010!).

Cheers,
-Roman