Bug 125471 - pam_krb5 can crash if demand-loaded into a binary which links with libcrypto on some 64-bit arches
pam_krb5 can crash if demand-loaded into a binary which links with libcrypto ...
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: pam_krb5 (Show other bugs)
ia64 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2004-06-07 16:14 EDT by Nalin Dahyabhai
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-08-18 11:53:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2004-06-07 16:14:27 EDT
The pam_krb5 1.x module calls various des functions from the Kerberos
5 libdes425 library when obtaining initial v4 credentials.  On 64-bit
architectures, applications which link with OpenSSL's libcrypto pull
in a different implementation of these functions which expect
arguments to have sizes which differ from those allocated by the
pam_krb5 module, and the application may crash when pam_krb5 calls
these functions.  This incompatibility affects 64-bit platforms on
which DES_INT was not defined at compile-time for OpenSSL.
Comment 1 Nalin Dahyabhai 2004-06-07 16:15:25 EDT
Because changing either library to match the other would break its
ABI, I think the best we can do for now is to work around this in
Comment 4 John Flanagan 2004-08-18 11:53:26 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.