Bug 805551 - (CVE-2012-1572) CVE-2012-1572 openstack-keystone: extremely long passwords can crash Keystone
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20120327,repor...
Keywords: Security
Depends On: 807336 807340 807346
Reported: 2012-03-21 11:02 EDT by Vincent Danen
Modified: 2015-07-31 11:25 EDT

Doc Type: Bug Fix
Last Closed: 2013-08-09 00:33:03 EDT
Attachments
preliminary patch to fix the flaw (3.15 KB, patch)
2012-03-21 11:18 EDT, Vincent Danen

Description Vincent Danen 2012-03-21 11:02:47 EDT
A vulnerability in how Keystone handles extremely long passwords was discovered.  When Keystone is validating a password, glibc allocated space on the stack for the entire password.  If the password is long enough, stack space can be exhausted which will lead to a crash.  A remote attacker could use this to cause a crash in Keystone by submitting a long password when attempting to log into an existing account; an attacker must know an existing account name to attempt the login with for this attack to be successful.
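Added example, not part of the bug report and not the attached patch: one way to keep an oversized password from ever reaching the hashing routine described above. The 4096-byte limit, the function names and the PBKDF2 stand-in hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed limit for illustration; the bug report does not state a value.
MAX_PASSWORD_BYTES = 4096

_calls = {"hash": 0}  # how many times the hashing routine was actually reached

def hash_call_count():
    return _calls["hash"]

def _hash(raw, salt):
    # Stand-in for the real password hash; PBKDF2 is used only so this runs anywhere.
    _calls["hash"] += 1
    return hashlib.pbkdf2_hmac("sha256", raw, salt, 10_000)

def _encode_bounded(password):
    """Return the UTF-8 bytes of password, or None if it must not be hashed."""
    if not isinstance(password, str):
        return None
    try:
        raw = password.encode("utf-8")
    except UnicodeEncodeError:
        return None
    # Count bytes, not characters: the hash routine works on the encoded form,
    # so 2000 three-byte characters are 6000 bytes.
    return raw if len(raw) <= MAX_PASSWORD_BYTES else None

def make_record(password):
    """Create a (salt, digest) record; refuse passwords that exceed the limit."""
    raw = _encode_bounded(password)
    if raw is None:
        raise ValueError("password rejected: invalid or too long")
    salt = os.urandom(16)
    return salt, _hash(raw, salt)

def verify_password(record, supplied):
    """Check a login attempt; over-long input fails before any hashing happens."""
    raw = _encode_bounded(supplied)
    if raw is None:
        return False  # same result as a wrong password, and no hashing work done
    salt, expected = record
    return hmac.compare_digest(_hash(raw, salt), expected)
```

The size check sits in front of both enrolment and login, so the bound holds on every path that leads to the hash call.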
Comment 1 Vincent Danen 2012-03-21 11:12:41 EDT
This flaw is embargoed until 20120327.
Comment 2 Vincent Danen 2012-03-21 11:18:31 EDT
Created attachment 571739
preliminary patch to fix the flaw
Comment 3 Pádraig Brady 2012-03-27 11:08:03 EDT
Hi Vincent. Distro bugs have been created and block this one.
Corresponding updates have been pushed.
I can't make this public.
Can you please?

cheers.
