SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Passwd Vendors:   [Multiple Authors/Vendors]
Linux passwd May Truncate Passwords Supplied Via stdin
SecurityTracker Alert ID:  1010182
SecurityTracker URL:  http://securitytracker.com/id/1010182
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 18 2004
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.68
Description:   A vulnerability was reported in passwd when accepting input from stdin. The password may be truncated.

Steve Grubb reported that an error in the passwd program may occur when passwords are read from stdin. The buffer is 80 characters, but the length passed to the read function is 79 and location 78 is zeroed. As a result, passwords may be truncated.

Impact:   Passwords supplied via stdin may be truncated by one character in a certain case.
Solution:   A patch against version 0.68 is available at:

http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=99912&action=view

Cause:   Boundary error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 18 2004 (Mandrake Issues Fix) Linux passwd May Truncate Passwords Supplied Via stdin
Mandrake has released a fix.



 Source Message Contents

Subject:  passwd


Opened by  (Steve Grubb) on 2004-04-05 13:50

 From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
During a code review, I found several issues with the programs in the
passwd rpm. Notibly, the passwd program has an off by 1 in the case of
--stdin. buffer is 80, len passed to read is 79, location 78 is 0'ed.
This is more noticeable if you imagine i == 1 after read. Also, if
read returns an error, the program continues as if nothing bad
happened and tries to zero buffer[-2];

Also, pam_start was not being checked for its return code.

Various minor memory leaks.

Version-Release number of selected component (if applicable):
passwd-0.68

How reproducible:
Always

Steps to Reproduce:
Found during code review.


Additional info:

I will attach a patch that fixes these. I did not look at prior
versions to see if these issues exist.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC