Red Hat Bugzilla – Bug 489932
CVE-2009-0887 pam: integer signedness error in _pam_StrTok()
Last modified: 2010-10-20 06:00:34 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0887 to
the following vulnerability:
Reference: MLIST:[oss-security] 20090305 CVE Request -- pam
Reference: URL: http://openwall.com/lists/oss-security/2009/03/05/1
Reference: CONFIRM: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch
Reference: CONFIRM: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log
Reference: URL: http://www.securityfocus.com/bid/34010
Reference: URL: http://xforce.iss.net/xforce/xfdb/49110
Integer signedness error in the _pam_StrTok function in
libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
configuration file contains non-ASCII usernames, might allow remote
attackers to cause a denial of service, and might allow remote
authenticated users to obtain login access with a different user's
non-ASCII username, via a login attempt.
It is very questionable whether this problem is even a security vulnerability. As the attacker cannot manipulate the configuration files it would basically require a misconfiguration of pam for the attack to be possible.
pam-1.0.4-2.fc9 has been submitted as an update for Fedora 9.
pam-1.0.4-2.fc10 has been submitted as an update for Fedora 10.
pam-1.0.4-3.fc9 has been submitted as an update for Fedora 9.
pam-1.0.4-4.fc9 has been submitted as an update for Fedora 9.
pam-1.0.4-4.fc10 has been submitted as an update for Fedora 10.
pam-1.0.4-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
pam-1.0.4-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Closing not-a-security-bug based on comment #1.
Red Hat does not consider this issue to be a security vulnerability. Affected function is only used to parse PAM configuration files and this bug can only be triggered by specific configuration created by the system administrator.