A vulnerability has been reported in Linux-PAM, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the "_unix_verify_password()" function in modules/pam_unix/support.c when verifying a user's password. This can be exploited to login with any given password if the hash in the passwd file is "!!" or similar. The vulnerability is reported in version 0.99.7.0. Reproducible: Didn't try https://www.redhat.com/archives/pam-list/2007-January/msg00017.html http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01277.html
Is this an issue with the obsolete 0.78 version we have stable? Doesn't seem to: > This release fixes a serious problem in pam_unix.so introduced in the > previous release 0.99.7.0. I'll update the ebuild for ~arch.
Also, as far as I can see, !! is not our default for shadow file.
0.99.7.1 in tree, the needed patch is on its way to mirrors.
Thanks Everyone, marking FIXED.
