Bug 489932 (CVE-2009-0887)

Summary: CVE-2009-0887 pam: integer signedness error in _pam_StrTok()
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: nalin, tmraz
Keywords: Security
Hardware: All
OS: Linux
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0887
Doc Type: Bug Fix
Last Closed: 2010-10-20 10:00:34 UTC

Description Vincent Danen 2009-03-12 15:42:33 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0887 to
the following vulnerability:

Name: CVE-2009-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887
Assigned: 20090312
Reference: MLIST:[oss-security] 20090305 CVE Request -- pam
Reference: URL: http://openwall.com/lists/oss-security/2009/03/05/1
Reference: CONFIRM: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch
Reference: CONFIRM: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log
Reference: BID:34010
Reference: URL: http://www.securityfocus.com/bid/34010
Reference: XF:linuxpam-pamstrtok-priv-escalation(49110)
Reference: URL: http://xforce.iss.net/xforce/xfdb/49110

Integer signedness error in the _pam_StrTok function in
libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
configuration file contains non-ASCII usernames, might allow remote
attackers to cause a denial of service, and might allow remote
authenticated users to obtain login access with a different user's
non-ASCII username, via a login attempt.
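The following is an added illustration of the bug class named in the CVE title, written for this page; it is not Linux-PAM's _pam_StrTok() and not taken from the referenced pam_misc.c patch. It models a tokenizer that classifies each byte through a 256-entry lookup table: when the table is indexed with a plain char on a platform where char is signed (x86 Linux), any byte at or above 0x80, which is every byte of a non-ASCII UTF-8 username, becomes a negative index and the lookup reads before the start of the table. The hardened tokenizer widens through unsigned char so every index lands in 0..255. The config-style line, module name and username are constructed sample input.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed model of the CVE-2009-0887 bug class: a delimiter table
 * indexed by a character. Not Linux-PAM code. */

#define TABLE_SIZE 256

/* Index a byte yields when the table is indexed through a signed char,
 * as happens with plain char on x86 Linux. Bytes >= 0x80 come out
 * negative, so table[idx] would read before the start of the array. */
int signed_index(unsigned char c) {
    return (int)(signed char)c;
}

/* Hardened index: widen through unsigned char, result is always 0..255. */
int unsigned_index(unsigned char c) {
    return (int)c;
}

/* Count the bytes of s that a signed-index tokenizer would look up
 * out of bounds. Useful for checking a config line before trusting it
 * to an unpatched parser. */
size_t count_negative_indices(const char *s) {
    size_t n = 0;
    for (; *s; s++)
        if (signed_index((unsigned char)*s) < 0)
            n++;
    return n;
}

/* Split s on the delimiter bytes in delims. Stores at most max_tokens
 * tokens of at most 63 bytes each (longer tokens are truncated) and
 * returns the number stored. All table lookups use the hardened index,
 * so UTF-8 continuation bytes are classified in-bounds as non-delimiters. */
size_t tokenize(const char *s, const char *delims,
                char tokens[][64], size_t max_tokens) {
    unsigned char is_delim[TABLE_SIZE] = {0};
    for (const char *d = delims; *d; d++)
        is_delim[unsigned_index((unsigned char)*d)] = 1;

    size_t ntok = 0;
    while (*s && ntok < max_tokens) {
        /* skip leading delimiters */
        while (*s && is_delim[unsigned_index((unsigned char)*s)])
            s++;
        if (!*s)
            break;
        size_t len = 0;
        while (*s && !is_delim[unsigned_index((unsigned char)*s)]) {
            if (len < 63)
                tokens[ntok][len++] = *s;
            s++;
        }
        tokens[ntok][len] = '\0';
        ntok++;
    }
    return ntok;
}

int main(void) {
    /* constructed line: the last token is the username "jos" + U+00E9 (C3 A9) */
    const char line[] =
        "auth required pam_listfile.so item=user sense=allow "
        "file=/etc/users jos\xC3\xA9";
    char toks[8][64];
    size_t n = tokenize(line, " \t", toks, 8);
    printf("%zu tokens; last token = %s\n", n, toks[n - 1]);
    printf("bytes a signed-char table index would mishandle: %zu\n",
           count_negative_indices(line));
    printf("0xC3 as signed index: %d, as unsigned index: %d\n",
           signed_index(0xC3), unsigned_index(0xC3));
    return 0;
}
```

The two index functions make the defect visible without executing the out-of-bounds read itself: signed_index(0xC3) is -61, unsigned_index(0xC3) is 195. The hardened tokenize() is the form a reviewer should expect anywhere a char is used to subscript a lookup table.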

Comment 1 Tomas Mraz 2009-03-12 16:00:54 UTC
It is very questionable whether this problem is even a security vulnerability. As the attacker cannot manipulate the configuration files, it would basically require a misconfiguration of pam for the attack to be possible.

Comment 3 Fedora Update System 2009-03-17 14:49:49 UTC
pam-1.0.4-2.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/pam-1.0.4-2.fc9

Comment 4 Fedora Update System 2009-03-17 14:50:16 UTC
pam-1.0.4-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/pam-1.0.4-2.fc10

Comment 5 Fedora Update System 2009-03-26 10:46:10 UTC
pam-1.0.4-3.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/pam-1.0.4-3.fc9

Comment 6 Fedora Update System 2009-03-30 16:43:52 UTC
pam-1.0.4-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/pam-1.0.4-4.fc9

Comment 7 Fedora Update System 2009-03-30 16:45:02 UTC
pam-1.0.4-4.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/pam-1.0.4-4.fc10

Comment 8 Fedora Update System 2009-04-14 15:52:49 UTC
pam-1.0.4-4.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2009-04-14 15:58:31 UTC
pam-1.0.4-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Tomas Hoger 2010-10-20 10:00:34 UTC
Closing not-a-security-bug based on comment #1.

Statement:

Red Hat does not consider this issue to be a security vulnerability. The affected function is only used to parse PAM configuration files, and this bug can only be triggered by a specific configuration created by the system administrator.