[Pkg-shadow-devel] Bug#360657: passwd SIGSEGV on empty password
Steve Kemp
skx at debian.org
Mon Apr 3 21:36:27 UTC 2006
On Mon, Apr 03, 2006 at 10:59:32PM +0200, Matteo Croce wrote:
> Package: passwd
> Version: 1:4.0.14-9
> Severity: critical
> Tags: security
> Justification: root security hole
>
> Just press ^D instead of the new password and passwd will segfault.
> I think that this is grave because it's set uid root.

Interestingly this only happens upon my Sid machine.
Upon Sarge it works as expected:

skx@lappy:~$ passwd
Changing password for skx
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
passwd: Authentication token manipulation error

On unstable it behaves as you describe:

skx@itchy:~$ passwd
Changing password for skx
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
Segmentation fault

Under gdb I see this:

Retype new UNIX password:
Program received signal SIGSEGV, Segmentation fault.
0xb7d815eb in pam_sm_chauthtok () from /lib/security/pam_unix.so
(gdb) bt
#0 0xb7d815eb in pam_sm_chauthtok () from /lib/security/pam_unix.so
#1 0xb7fa9a9a in _pam_dispatch () from /lib/libpam.so.0
#2 0xb7fabfa3 in pam_chauthtok () from /lib/libpam.so.0
#3 0x0804b1df in ?? ()
#4 0x08052388 in ?? ()
#5 0x00000000 in ?? ()

Unfortunately I don't have time tonight to investigate, but it
looks like it is a pam_unix.so / libpam.so bug, rather than a
passwd bug.

Steve