Bug 151434 - Buffer overflow in cracklib
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: cracklib
Version: 3
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Brian Brock
http://sourceforge.net/mailarchive/fo...
Reported: 2005-03-17 15:55 EST by Jürgen Hötzel
Modified: 2008-01-05 12:40 EST
Fixed In Version: cracklib-2.8.9-10
Doc Type: Bug Fix
Last Closed: 2008-01-05 12:40:39 EST

Description Jürgen Hötzel 2005-03-17 15:55:49 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Description of problem:
Buffer overflow in cracklib (verified 2.8.x and 2.7). This could lead to
execution of arbitrary code when not using stack smashing protection:
 
exploited in C:
 
FascistCheck(pwd, string_longer_than_1024_bytes);
-> Speicherzugriffsfehler (core dumped)
 
or PHP (crack extension must be loaded):
 
<?PHP
$foo =  sprintf("%2048s", "foo");
$dictionary = crack_opendict($foo) or die("Unable to open CrackLib dictionary");
?>
-> child pid 16256 exit signal Segmentation fault (11)
 

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See description.
Supply dictionary > 1024 as user input
  

Additional info:
Comment 1 Matthew Miller 2006-07-10 17:36:47 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 2 Till Maas 2008-01-05 12:40:39 EST
I get "File name too long" with cracklib-2.8.9-10 from Fedora 7
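
The failure mode reported in this bug, as an added C example that is not cracklib's source and not posted by any commenter: a caller-supplied dictionary path written into a fixed 1024-byte buffer, beside a bounded version that rejects over-long input with ENAMETOOLONG (the errno whose message is the "File name too long" quoted in Comment 2). The function names, PATH_BUF and the ".pwd" suffix are assumptions for illustration.

```c
/* Added illustration, not cracklib's source; all names here are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF    1024     /* fixed buffer; the report overflows at > 1024 bytes */
#define DICT_SUFFIX ".pwd"   /* assumed suffix appended to the caller's path */

/* Vulnerable pattern, shown for contrast and never called here: the
 * caller-controlled path is written into `out` with no length check. */
int build_dict_path_unsafe(char *out, const char *prefix)
{
    return sprintf(out, "%s%s", prefix, DICT_SUFFIX);
}

/* Hardened form: bounded write, and truncation is an error rather than a
 * silently shortened path. Returns 0, or -1 with errno set. */
int build_dict_path(char *out, size_t outlen, const char *prefix)
{
    if (out == NULL || outlen == 0 || prefix == NULL) {
        errno = EINVAL;
        return -1;
    }
    int n = snprintf(out, outlen, "%s%s", prefix, DICT_SUFFIX);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';           /* never hand back a truncated path */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Constructed input: a path of `len` 'a' bytes. Returns 0 or the errno. */
int try_prefix_len(size_t len)
{
    static char prefix[4096];
    char path[PATH_BUF];
    if (len >= sizeof prefix) len = sizeof prefix - 1;
    memset(prefix, 'a', len);
    prefix[len] = '\0';
    return build_dict_path(path, sizeof path, prefix) == 0 ? 0 : errno;
}

int main(void)
{
    printf("16 bytes:   %s\n", strerror(try_prefix_len(16)));
    printf("2048 bytes: %s\n", strerror(try_prefix_len(2048)));
    return 0;
}
```

With the 4-byte suffix, the longest accepted prefix is 1019 bytes; the 2048-byte input from the PHP reproducer is rejected before any copy into the buffer happens.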
