Bug 247514 - chpasswd buffer overflow
chpasswd buffer overflow
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: shadow-utils (Show other bugs)
5.0
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Vrabec
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-09 14:03 EDT by Thorsten Scherf
Modified: 2016-06-10 10:21 EDT (History)
4 users (show)

See Also:
Fixed In Version: RHBA-2008-0325
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 11:36:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
backport of a patch from 4.0.18.1 (1.17 KB, patch)
2007-07-11 11:37 EDT, Tomas Heinrich
no flags Details | Diff

  None (edit)
Description Thorsten Scherf 2007-07-09 14:03:26 EDT
Description of problem:
chpasswd terminates with buffer overflow detection


Version-Release number of selected component (if applicable):
shadow-utils-4.0.17-12.el5

How reproducible:
useradd foo; echo foo:password |chpasswd -m

Steps to Reproduce:
1.useradd foo; echo foo:password |chpasswd -m
2.
3.
  
Actual results:
[root@inf01 ~]# useradd foo; echo foo:password |chpasswd -m
*** buffer overflow detected ***: chpasswd terminated
======= Backtrace: =========
/lib/i686/nosegneg/libc.so.6(__chk_fail+0x41)[0x470eeac1]
/lib/i686/nosegneg/libc.so.6[0x470edf77]
chpasswd[0x804970b]
/lib/i686/nosegneg/libc.so.6(__libc_start_main+0xdc)[0x47020dec]
chpasswd[0x8049431]
======= Memory map: ========
002cb000-002cc000 r-xp 002cb000 00:00 0          [vdso]
08048000-0804e000 r-xp 00000000 fd:00 1418748    /usr/sbin/chpasswd
0804e000-08050000 rwxp 00005000 fd:00 1418748    /usr/sbin/chpasswd
08aa2000-08ac3000 rwxp 08aa2000 00:00 0 
46fee000-47007000 r-xp 00000000 fd:00 2000677    /lib/ld-2.5.so
47007000-47008000 r-xp 00018000 fd:00 2000677    /lib/ld-2.5.so
47008000-47009000 rwxp 00019000 fd:00 2000677    /lib/ld-2.5.so
4700b000-47145000 r-xp 00000000 fd:00 2000740    /lib/i686/nosegneg/libc-2.5.so
47145000-47147000 r-xp 0013a000 fd:00 2000740    /lib/i686/nosegneg/libc-2.5.so
47147000-47148000 rwxp 0013c000 fd:00 2000740    /lib/i686/nosegneg/libc-2.5.so
47148000-4714b000 rwxp 47148000 00:00 0 
4714d000-4714f000 r-xp 00000000 fd:00 2000741    /lib/libdl-2.5.so
4714f000-47150000 r-xp 00001000 fd:00 2000741    /lib/libdl-2.5.so
47150000-47151000 rwxp 00002000 fd:00 2000741    /lib/libdl-2.5.so
471aa000-471bf000 r-xp 00000000 fd:00 2000758    /lib/libselinux.so.1
471bf000-471c1000 rwxp 00015000 fd:00 2000758    /lib/libselinux.so.1
471c3000-471fe000 r-xp 00000000 fd:00 2000757    /lib/libsepol.so.1
471fe000-471ff000 rwxp 0003a000 fd:00 2000757    /lib/libsepol.so.1
471ff000-47209000 rwxp 471ff000 00:00 0 
47351000-47356000 r-xp 00000000 fd:00 2000764    /lib/libcrypt-2.5.so
47356000-47357000 r-xp 00004000 fd:00 2000764    /lib/libcrypt-2.5.so
47357000-47358000 rwxp 00005000 fd:00 2000764    /lib/libcrypt-2.5.so
47358000-4737f000 rwxp 47358000 00:00 0 
4af56000-4af61000 r-xp 00000000 fd:00 1998850    /lib/libgcc_s-4.1.1-20070105.so.1
4af61000-4af62000 rwxp 0000a000 fd:00 1998850    /lib/libgcc_s-4.1.1-20070105.so.1
b7da4000-b7fa4000 r--p 00000000 fd:00 1413355    /usr/lib/locale/locale-archive
b7fa4000-b7fa6000 rw-p b7fa4000 00:00 0 
b7fab000-b7faf000 rw-p b7fab000 00:00 0 
bfbfb000-bfc11000 rw-p bfbfb000 00:00 0          [stack]
Aborted


Expected results:
changed password

Additional info:
Comment 1 Tomas Heinrich 2007-07-11 11:37:27 EDT
Created attachment 158963 [details]
backport of a patch from 4.0.18.1
Comment 3 Daniel Riek 2007-10-05 12:50:48 EDT
Engineering feedback: shadowutils don't qualify for FasTrack in 5.2 as changes
are too intrusive.
Comment 4 RHEL Product and Program Management 2007-10-19 16:27:53 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 9 errata-xmlrpc 2008-05-21 11:36:41 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0325.html

Note You need to log in before you can comment on or make changes to this bug.