Bug 237003 (CVE-2007-1859)

| Field | Value |
|---|---|
| Summary | CVE-2007-1859 xscreensaver authentication bypass |
| Product | [Other] Security Response |
| Reporter | Josh Bressers <bressers> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | security-response-team |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | RHSA-2007-0322 |
| Doc Type | Bug Fix |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2007-05-02 14:26:30 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Attachments | |
Description (Josh Bressers, 2007-04-18 20:16:41 UTC)

This flaw should also affect RHEL 2.1 and 3.

Created attachment 152950 [details]: check for null passwd entry from getpwuid

Something like this should work (although it hasn't been tested yet).

xscreensaver-4.18-5.rhel4.14 built into RHEL-4-embargo. I can confirm it fixes the problem. Ray, what about RHEL 2.1 and 3? They are xscreensaver-3.33-4.rhel21.4 and xscreensaver-4.10-21.el3 respectively.

By the way, you can test this by:

1) su -c "scp username.redhat.com:/etc/krb* /etc"
2) running authconfig
3) choosing LDAP and Kerberos (but not LDAP for authentication) and making sure NIS is unchecked. For LDAP put ldap.boston.redhat.com; you don't need to use TLS
4) running getent passwd. You should see all Red Hat accounts in the output
5) editing /etc/ldap.conf and setting the bind_timelimit to 1 or a small number
6) logging in
7) run xscreensaver-command -lock
8) pull the networking cable
9) move the mouse and wait for the dialog to come up. After a long time (I went to lunch and came back) it will eventually come up with "???".
10) type any password and watch xscreensaver crash, unlocking the screen

If you add a step 7.5) ssh into the machine and run su -c "/sbin/ifdown eth0", then I don't think you'll have to wait as long in step 9.

Reproducer comment for Stable System testing: pulling the cable is not needed, just configure iptables/firewall instead:

8) iptables -A -s ldap.boston.redhat.com -j DROP

Flaw reproducible in approx. 5 min.

This flaw is public with the release of xscreensaver 5.02.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0322.html
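The attachment in this report ("check for null passwd entry from getpwuid") is not reproduced on the page, so the following is an added illustration, not the Red Hat patch or xscreensaver's code. It shows the defect class in general terms: a screen locker that dereferences the result of getpwuid() without a NULL check crashes when the directory service (LDAP/NIS, as in the reproducer) is unreachable, and a crashed locker leaves the screen unlocked. The hardened form treats a missing passwd entry as an authentication failure and additionally snapshots the user name at lock time so the unlock path does not depend on a live lookup. All names (decide_unlock, lock_session, lock_session_init, user_name_unchecked) are hypothetical; the actual credential check (PAM, crypt()) is out of scope and represented by the password_ok parameter.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of an unlock attempt. Anything other than UNLOCK_ALLOWED keeps the screen locked. */
typedef enum { UNLOCK_DENIED = 0, UNLOCK_ALLOWED = 1 } unlock_decision;

/* Vulnerable shape (illustration only, never called here): the passwd pointer is used
 * without a NULL check. When the directory service is unreachable, getpwuid() returns
 * NULL and the dereference crashes the locker, which is the failure this bug describes. */
const char *user_name_unchecked(uid_t uid) {
    struct passwd *pw = getpwuid(uid);
    return pw->pw_name;              /* NULL dereference when no entry is returned */
}

/* Hardened decision (hypothetical): the passwd entry is an input that may legitimately be
 * NULL. A missing or empty entry is an authentication failure, not a condition to crash on.
 * password_ok is the result of the real credential check, computed by the caller. */
unlock_decision decide_unlock(const struct passwd *pw, int password_ok) {
    if (pw == NULL || pw->pw_name == NULL || pw->pw_name[0] == '\0')
        return UNLOCK_DENIED;        /* fail closed: no entry, no unlock */
    return password_ok ? UNLOCK_ALLOWED : UNLOCK_DENIED;
}

/* Lock-time snapshot (hypothetical design): copy the user name while the name service is
 * still reachable, so the unlock path never needs a fresh getpwuid() at all. */
typedef struct {
    uid_t uid;
    char user[128];
    int have_user;
} lock_session;

/* Returns 0 on success, -1 if getpwuid() produced no usable entry (the locker should then
 * refuse to start rather than lock with unknown identity). */
int lock_session_init(lock_session *s, uid_t uid) {
    memset(s, 0, sizeof *s);
    s->uid = uid;
    errno = 0;
    const struct passwd *pw = getpwuid(uid);   /* may be NULL when LDAP/NIS is down */
    if (pw == NULL || pw->pw_name == NULL) {
        fprintf(stderr, "no passwd entry for uid %lu (errno %d); refusing to lock\n",
                (unsigned long)uid, errno);
        return -1;
    }
    snprintf(s->user, sizeof s->user, "%s", pw->pw_name);
    s->have_user = 1;
    return 0;
}

int main(void) {
    lock_session s;
    if (lock_session_init(&s, getuid()) != 0)
        return 1;
    printf("locked for user %s\n", s.user);

    /* Constructed unlock attempts: a NULL entry must never unlock, even with a good password. */
    printf("null entry, good password -> %d\n", decide_unlock(NULL, 1));
    struct passwd present = { .pw_name = s.user };
    printf("entry present, good password -> %d\n", decide_unlock(&present, 1));
    printf("entry present, bad password  -> %d\n", decide_unlock(&present, 0));
    return 0;
}
```

The key property is that every error path in the unlock decision resolves to UNLOCK_DENIED; a locker that can crash on a lookup failure effectively has an unlock path that does not require a password.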
check for null passwd entry from getpwuid
something like this work (although it hasn't been tested yet)
xscreensaver-4.18-5.rhel4.14 built into RHEL-4-embargo . I can confirm it fixes the problem. Ray, What about RHEL 2.1 and 3? They are xscreensaver-3.33-4.rhel21.4 and xscreensaver-4.10-21.el3 respectively. By the way, you can test this by: 1) su -c "scp username.redhat.com:/etc/krb* /etc" 2) running authconfig 3) choosing LDAP and Kerberos (but not LDAP for authentication) and making sure NIS is unchecked. For LDAP put ldap.boston.redhat.com and you don't need to use TLS 4) running getent passwd. You should see all red hat accounts in the output 5) editing /etc/ldap.conf and setting the bind_timelimit to 1 or a small number 6) logging in 7) run xscreensaver-command -lock 8) pull the networking cable 9) move the mouse and wait for the dialog to come up. After a long time it (i went to lunch and came back) it will eventually come up with "???". 10) type any password and watch xscreensaver crash, unlocking the screen If you add a step 7.5) sss into the machine and run su -c "/sbin/ifdown eth0" then I don't think you'll have to wait as long in step 9 Repruducer comment for Stable System testing: Pulling the cable not needed, just config iptables/firewall 8) iptables -A -s ldap.boston.redhat.com -j DROP flaw reproducible in approx. 5 min This flaw is public with the release of xscreensaver 5.02 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0322.html |