Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Pam (Pluggable Authentication Modules) Vendors:   Linux-PAM Project
Pluggable Authentication Modules (PAM) Bug May Grant Remote Users Access to Accounts With Disabled Passwords
SecurityTracker Alert ID:  1005444
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Oct 18 2002
Original Entry Date:  Oct 17 2002
Impact:   Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.76
Description:   An authentication vulnerability was reported in Pluggable Authentication Modules (PAM). A remote user may be able to access accounts with disabled passwords.

It is reported that a specific version of Linux-PAM incorrectly considers disabled passwords (i.e., passwords with '*' in the password file) as empty passwords. A remote user may be able to gain access to those accounts through the regular login procedure (e.g., getty, telnet, ssh).

The report notes that accounts with the shell field in the password file set to to /bin/false.

It is reported that only version 0.76 is vulnerable. More information on the patch history is available at:

Debian credits Paul Aurich and Samuele Giovanni Tonon with reporting this flaw.

Impact:   A remote user may be able to access accounts with disabled passwords.
Solution:   The vendor has released a fixed version (0.77), available at:

Vendor URL: (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Debian Issues Fix) Pluggable Authentication Modules (PAM) Bug May Grant Remote Users Access to Accounts With Disabled Passwords
Debian has released a fix.

 Source Message Contents

Subject:  [SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 177-1                                        Martin Schulze
October 17th, 2002            
- --------------------------------------------------------------------------

Package        : pam
Vulnerability  : serious security violation
Problem-Type   : remote 
Debian-specific: no
Distributions  : unstable only

Paul Aurich and Samuele Giovanni Tonon discovered a serious security
violation in PAM.  Disabled passwords (i.e. those with '*' in the
password file) were classified as empty password and access to such
accounts is granted through the regular login procedure (getty,
telnet, ssh).  This works for all such accounts whose shell field in
the password file does not refer to /bin/false.  Only version 0.76 of
PAM seems to be affected by this problem.

This problem has been fixed in version 0.76-6 for the current unstable
distribution (sid).  The stable distribution (woody), the old stable
distribution (potato) and the testing distribution (sarge) are not
affected by this problem.

As stated in the Debian security team FAQ (see URL in header), testing
and unstable are rapidly moving targets and the security team does not
have the resources needed to properly support those.  This security
advisory is an exception to that rule, due to the seriousness of the

We recommend that you upgrade your PAM packages immediately if you are
running Debian/unstable.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

Debian GNU/Linux unstable alias sid
- -----------------------------------

  Source archives:
      Size/MD5 checksum:      732 c7661ad0dcbc7df4ca967e58e93edd2e
      Size/MD5 checksum:    87185 39d8f45620b6750b34ad9128814328e7
      Size/MD5 checksum:   424671 22dd4019934cbd71bc67f13a5c2e10ec

  Architecture independent components:
      Size/MD5 checksum:   651724 b3fc72ee81ac4e4413c696ec42fa4ef3
      Size/MD5 checksum:    51922 28398b55b183e122984c4bf1a64183a9

  Alpha architecture:
      Size/MD5 checksum:    53808 462dcd1a02dd799b761a05687cf08699
      Size/MD5 checksum:   179588 e2719b40c82af6891471c7182d8008f7
      Size/MD5 checksum:    74146 727185b2d9c55a084105e2e4c43afcd0
      Size/MD5 checksum:   116148 970c63cf78a3b7311e122069225caa06

  ARM architecture:
      Size/MD5 checksum:    52268 c8f6709b9b92cac992168bfa957762cd
      Size/MD5 checksum:   153494 12a21eb18e0cb8fb3043c23a78b410a8
      Size/MD5 checksum:    67952 bf8953d4d7227a5f8c837921da2745c4
      Size/MD5 checksum:   110738 10ecfcb5e44bb5af98deb4f5b27c16cb

  Intel IA-32 architecture:
      Size/MD5 checksum:    52116 f91a3a10c47a08aae349bd16d161a644
      Size/MD5 checksum:   146290 88216fe253c9e5042e8a6902bc807153
      Size/MD5 checksum:    67504 a02c56dfa8949cf9abc071fc3b75ade1
      Size/MD5 checksum:   107490 366d7a40aecdc674920c76f8c71684b3

  Intel IA-64 architecture:
      Size/MD5 checksum:    56320 a52fc9867c6af83788e5d999fb3c5289
      Size/MD5 checksum:   204086 1b85b7156e03bef224c783e45c4f8f36
      Size/MD5 checksum:    81374 76d3f1c7665854f137457f7d0e75d995
      Size/MD5 checksum:   118930 31ff873794cfaf4da938340fbf87c275

  HP Precision architecture:
      Size/MD5 checksum:    53646 10dce03fd0f16e7bb25cc7263b679cd2
      Size/MD5 checksum:   171266 23439afca3810b039e65e3ff5a626336
      Size/MD5 checksum:    72066 166e7a5b1f72b0585b1d1fa06d5ac4f0
      Size/MD5 checksum:   113166 bb97068c08d1e98c37a439ff044dfe0c

  Motorola 680x0 architecture:
      Size/MD5 checksum:    51886 aa1a506bbabef00284d5761e891edd3d
      Size/MD5 checksum:   151202 6064da7ddbc9ecf958e52e586b4d5fe0
      Size/MD5 checksum:    67578 3586a306ffe39e0b57b6ebd37196fbc7
      Size/MD5 checksum:   106684 db2c282058e7b2d78cb41bd7ab1bc082

  Big endian MIPS architecture:
      Size/MD5 checksum:    52336 5f20d3e21ab9d2948fc74598f70a77b8
      Size/MD5 checksum:   149874 4ab69f9fdb67245b2c90a192f94c4f09
      Size/MD5 checksum:    68280 487a9bd02b5ba9c8b3342bcebba95658
      Size/MD5 checksum:   111840 3bd2014016f6325e7853566d91ec91e4

  Little endian MIPS architecture:
      Size/MD5 checksum:    52318 2ebabb4258a9901b601829594fae3e86
      Size/MD5 checksum:   149786 a8fa2ea4ba3a4ebd00ff3ea83048972f
      Size/MD5 checksum:    68284 0afe5c5e849c06a4802b05c7e9fd75a0
      Size/MD5 checksum:   111834 b7d8dab220f32c55406d7fd0175875f8

  PowerPC architecture:
      Size/MD5 checksum:    52722 9122f2b7af39021cedaabcf8899b7c43
      Size/MD5 checksum:   157134 350a445962f3835ee8eee72aaaa7aa1c
      Size/MD5 checksum:    69758 08a704d5ccd0c04505e4570d9ca8f6db
      Size/MD5 checksum:   109960 0a20b7da4c63d9bb40399fcc44259443

  IBM S/390 architecture:
      Size/MD5 checksum:    52750 4b4431e696cf93b3a31dccda1fad4244
      Size/MD5 checksum:   153186 c42535c78b2413ad0cd81ea4bbb3c727
      Size/MD5 checksum:    68050 99382780227c0e7b109f2a11292777ba
      Size/MD5 checksum:   108796 32ba2eb69e35e8c9b59ef673a588307c

  Sun Sparc architecture:
      Size/MD5 checksum:    53024 ea53bf69a07f62eea1df690fb650529f
      Size/MD5 checksum:   164550 2577423bb422423f6d7fd37547303bae
      Size/MD5 checksum:    68536 a66479182486669059de5e3c36145162
      Size/MD5 checksum:   110406 28d8bf606249b607d6b604a32698c821

- ---------------------------------------------------------------------------------
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.0.7 (GNU/Linux)



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC