Bug 661163 (CVE-2010-4341) - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
Summary: CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
Status: CLOSED ERRATA
Alias: CVE-2010-4341
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110111,reported=20101206,sou...
Keywords: Security
Depends On: 668888 688248 688250
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-07 23:37 UTC by Vincent Danen
Modified: 2019-06-08 18:41 UTC (History)
8 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2011-07-21 14:15:05 UTC


Attachments (Terms of Use)
Patch for RHEL5 and RHEL6 (11.44 KB, patch)
2010-12-17 20:39 UTC, Stephen Gallagher
no flags Details | Diff
Patch for Fedora 13 (11.44 KB, patch)
2010-12-17 20:40 UTC, Stephen Gallagher
no flags Details | Diff
Patch for Fedora 14 (11.44 KB, patch)
2010-12-17 20:40 UTC, Stephen Gallagher
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0560 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2011-05-19 11:38:17 UTC
Red Hat Product Errata RHSA-2011:0975 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2011-07-21 08:09:03 UTC

Description Vincent Danen 2010-12-07 23:37:44 UTC
Sebastian Krahmer discovered that it was possible to make sssd hang forever inside a loop in the pam_parse_in_data_v2() function of SSSD's PAM responder by using a carefully crafted packet to sssd.  This could be exploited by a local attacker to crash sssd and prevent other legitimate users from logging into the system.

Acknowledgements:

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

Comment 7 Stephen Gallagher 2010-12-17 20:39:26 UTC
Created attachment 469438 [details]
Patch for RHEL5 and RHEL6

This patch applies to the SSSD 1.2.x branch and will resolve the issue on RHEL 5 and RHEL 6.

Comment 8 Stephen Gallagher 2010-12-17 20:40:12 UTC
Created attachment 469439 [details]
Patch for Fedora 13

This patch applies to the SSSD 1.3 branch and will resolve the issue on Fedora 13.

Comment 9 Stephen Gallagher 2010-12-17 20:40:56 UTC
Created attachment 469440 [details]
Patch for Fedora 14

This patch applies to the SSSD 1.4.x branch and will resolve the issue on Fedora 14.

Comment 10 Vincent Danen 2010-12-17 21:12:15 UTC
Thanks for the patches.  I'm going to pass these on to other vendors and coordinate an unembargo date.

Comment 18 Vincent Danen 2011-01-11 22:38:38 UTC
Created sssd tracking bugs for this issue

Affects: fedora-all [bug 668888]

Comment 19 Vincent Danen 2011-01-11 22:40:41 UTC
Statement:

(none)

Comment 25 Kaushik Banerjee 2011-04-12 12:15:46 UTC
Verified with Sumit's reproducer script.
The script hangs on running on RHEL 6.0 32-bit (sssd-1.2.1-28) and sssd_pam consumes 100% cpu.

The script works fine on running on RHEL 6.1 32 bit (sssd-1.5.1-25).

Verified on version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 25.el6                        Build Date: Fri 08 Apr 2011 10:53:37 PM IST
Install Date: Tue 12 Apr 2011 11:01:14 AM IST      Build Host: x86-002.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-25.el6.src.rpm
Size        : 3582701                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 26 errata-xmlrpc 2011-05-19 11:40:55 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0560 https://rhn.redhat.com/errata/RHSA-2011-0560.html

Comment 27 errata-xmlrpc 2011-05-19 13:09:01 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0560 https://rhn.redhat.com/errata/RHSA-2011-0560.html

Comment 28 Vincent Danen 2011-07-07 15:02:03 UTC
This was corrected in upstream sssd version 1.5.1:

https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.1

Comment 29 Stephen Gallagher 2011-07-07 15:29:49 UTC
Why was this BZ reopened?

Comment 30 Vincent Danen 2011-07-07 16:40:03 UTC
It was never closed, and it is still unresolved in Red Hat Enterprise Linux 5.  SRT bugs shouldn't be in VERIFIED state, so I just flipped the state back to NEW where it is supposed to be.

Comment 31 errata-xmlrpc 2011-07-21 08:09:08 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0975 https://rhn.redhat.com/errata/RHSA-2011-0975.html

Comment 32 errata-xmlrpc 2011-07-21 11:45:55 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0975 https://rhn.redhat.com/errata/RHSA-2011-0975.html


Note You need to log in before you can comment on or make changes to this bug.