Univention Bugzilla – Full Text Bug Listing
Summary: | Denial of Service: pam_unix authentication hangs in hashsum generation | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | PAM | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Johannes Keiser <keiser> |
Severity: | normal | ||
Priority: | P5 | CC: | brodersen, requate |
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://github.com/linux-pam/linux-pam/issues/118 | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | ||
Bug Depends on: | |||
Bug Blocks: | 44602 |
Description
Florian Best
2019-06-27 16:52:34 CEST
Build package (for i386 and amd64) in scope fbest:
deb [trusted=yes] http://omar.knut.univention.de/build2/ ucs_4.4-0-fbest/all/
deb [trusted=yes] http://omar.knut.univention.de/build2/ ucs_4.4-0-fbest/$(ARCH)/

Changes in patches repository: svn r18608
YAML file in branch git:fbest/49741-pam-unix

Rebuilt the package again: Somehow the quilt patch was not appended to debian/series. Migrated to a .patch file now which worked.

[amd64] successful build
Package: pam
Version: 1.1.8-3.6A~4.4.0.201907121407
Branch: ucs_4.4-0-fbest
Scope: fbest

Merged the patch into the errata-4.4-1 scope.

pam.yaml
f1d99e8176dc | YAML Bug #49741
f2f3ea4e5127 | YAML Bug #49740

QA: test authentication and password changing (passwords longer than 512 characters should be rejected).

Does this need a release of univention-pam? I ask because the workaround for bug 49614 is a change in "/etc/pam.d/common-session" which would be overwritten in that case.

(In reply to Jürn Brodersen from comment #5)
> Does this need a release of univention-pam?

No.

OK: login with password > 512 chars not possible
OK: pam_unix does not hang anymore for big passwords
OK: trying to change password to > 512 chars shows error that password is too long
OK: yaml
-> verified