The pam_userdb added the "optional" crypt= variable to the /etc/pam.d/ files. However, the internal structure is initialized to NULL and sloppily passed onwards. Therefore, unless the crypt= line is -present- in the config, it will remain as NULL and cause a segfault, thereby making the logins fail unconditionally.
Not sure if this really is a security issue or not; however, please provide a fixed package.
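The failure mode reported above, as an added C illustration that is not part of the original report and is not the pam_userdb source: an option pointer that stays NULL when `crypt=` is omitted, read once without a check and once with one. All names (`userdb_opts`, `parse_args`, `mode_unchecked`, `mode_checked`), the sample arguments, and the choice to treat an absent option as "none" are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical types and names for illustration only. */
enum crypt_mode { CRYPT_NONE, CRYPT_CRYPT, CRYPT_UNKNOWN };

struct userdb_opts {
    const char *db;     /* value of db=, NULL if absent */
    const char *crypt;  /* value of crypt=, NULL if absent */
};

/* Parse the module arguments that follow the module name in /etc/pam.d/<service>. */
void parse_args(int argc, const char **argv, struct userdb_opts *o)
{
    o->db = NULL;
    o->crypt = NULL;            /* stays NULL unless crypt= is present */
    for (int i = 0; i < argc; i++) {
        if (strncmp(argv[i], "db=", 3) == 0)
            o->db = argv[i] + 3;
        else if (strncmp(argv[i], "crypt=", 6) == 0)
            o->crypt = argv[i] + 6;
    }
}

/* Unguarded read: passes NULL to strncasecmp() when crypt= was omitted,
 * which is undefined behaviour and in practice a segfault. Never called here. */
enum crypt_mode mode_unchecked(const struct userdb_opts *o)
{
    return strncasecmp(o->crypt, "crypt", 5) == 0 ? CRYPT_CRYPT : CRYPT_NONE;
}

/* Guarded read: an absent option gets a defined default (assumed: "none"),
 * and an unrecognised value is reported so the caller can refuse the login. */
enum crypt_mode mode_checked(const struct userdb_opts *o)
{
    if (o->crypt == NULL || strcasecmp(o->crypt, "none") == 0)
        return CRYPT_NONE;
    if (strcasecmp(o->crypt, "crypt") == 0)
        return CRYPT_CRYPT;
    return CRYPT_UNKNOWN;
}

int main(void)
{
    const char *args[] = { "db=/etc/example_users" };   /* constructed sample, no crypt= */
    struct userdb_opts o;
    parse_args(1, args, &o);
    printf("crypt= absent -> mode %d\n", (int)mode_checked(&o));
    return 0;
}
```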
Created attachment 76894: pam-0.78-userdb-cript.patch

Can someone test if this works? I don't have pam_userdb setup here to test.
Opening bug, this is known in the public. I found a patch that seems to fix another similar issue here, maybe we also need that one. http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/modules/pam_userdb/pam_userdb.c?r1=1.16&r2=1.18
AFAICT this is not a vulnerability, it's just a bug. Bad config => no login allowed. Reassigning.
So as I'm probably not going to try preparing ebuilds for pam 0.81 now (as I don't have the free time to start looking at it so much to make its build system sane), can someone please test the patch I've tried to prepare? The one in the ViewCVS does not apply over current sources (or I would have applied it with -r4).
See above, a test might be handy, but anyway 0.99 is in tree p.masked -* until it can be fixed.