[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired
Darren Tucker
dtucker at zip.com.au
Sat Mar 6 17:57:02 EST 2004
bugzilla-daemon at mindrot.org wrote:
>Summary: segfault if not using pam/keyboard-interactive mech and
> password's expired
I'm sorry to report that there is a bug in the PAM code in OpenSSH
3.8p1, and sorrier to say that I put it there. This is a NULL pointer
dereference and is *not* considered to be a security vulnerability.
When sshd is configured --with-pam, run with UsePAM=yes, and a user
with an expired password successfully authenticates via a method other
than keyboard-interactive without trying keyboard-interactive first,
sshd will attempt to dereference a NULL pointer and segfault. In such a
case, the user's session will be immediately terminated.
If UsePAM=no (the default), this problem will not occur.
The attached patch fixes this. Please test it, we would like to
release a 3.8p2 soon containing this and a few other fixes.
My apologies to anyone inconvenienced by this.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-pam-authctxt.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040306/48aad78d/attachment.ksh
More information about the openssh-unix-dev
mailing list