An infinite loop flaw was found in the way the pam_env module of PAM (Pluggable Authentication Modules) security tool expanded certain environment variables, when both pam_env module and reading of the user specific environment file were enabled. A local attacker could use this flaw to cause the pam_env module check to enter the infinite loop and spam system log file of the particular host.
Acknowledgements: Red Hat would like to thank Kees Cook of Google ChromeOS Team for reporting this issue.
Reading of user-supplied environment files is disabled by default in the pam package versions, as shipped with various releases of Red Hat Enterprise Linux and Fedora, more information at: https://bugzilla.redhat.com/show_bug.cgi?id=746619#c9
This issue does not affect the version of the pam package, as shipped with Red Hat Enterprise Linux 4 and 5, because they do not support reading user specific environment file via ~/.pam_environment This issue affects the version of the pam package, as shipped with Red Hat Enterprise Linux 6. This issue affects the version of pam package, as shipped with Fedora 14 and 15.
Statement: This issue did not affect the versions of pam package as shipped with Red Hat Enterprise Linux 4 and 5.
Public via: [1] https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 Relevant upstream patch: [2] http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444
Created pam tracking bugs for this issue Affects: fedora-all [bug 748817]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0521 https://rhn.redhat.com/errata/RHSA-2013-0521.html