Summary: | sys-apps/shadow: "passwd_check()" security bypass vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | SpanKY <vapier> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://cvs.pld.org.pl/shadow/libmisc/pwdcheck.c | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
SpanKY
2004-10-27 21:44:56 UTC
ok method, 4.0.5 is now in portage with KEYWORDS=-* verify it's selinux happy and move it into unstable please ;) assigning to security since it is fixing a sec issue: from CVS log for shadow/libmisc/pwdcheck.c: 1.3 Wed Jun 2 23:50:10 2004 by kloczek CVS Tags: ver-4_0_5, HEAD Diffs to 1.2 Fixed securirty bug which allow unauthorized account properties modification. Affected tools: chfn and chsh. Bug was discovered by Martin Schulze <joey@infodrom.org>. ____ http://secunia.com/advisories/13028/ Keeping it at [ebuild] level until package in moved to ~. its ok on the selinux side now in unstable, ready for testing/stable It fails to compile with the following error:- i686-pc-linux-gnu-gcc -I. -I. -I.. -march=athlon-xp -O3 -pipe -MT pwio.lo -MD -MP -MF .deps/pwio.Tpo -c pwio.c -o pwio.o i686-pc-linux-gnu-gcc -I. -I. -I.. -march=athlon-xp -O3 -pipe -MT pwauth.lo -MD -MP -MF .deps/pwauth.Tpo -c pwauth.c -o pwauth.o if /bin/sh ../libtool --mode=compile --tag=CC i686-pc-linux-gnu-gcc -I. -I. -I.. -march=athlon-xp -O3 -pipe -MT rad64.lo -MD -MP -MF ".deps/rad64.Tpo" -c -o rad64.lo rad64.c; \ then mv -f ".deps/rad64.Tpo" ".deps/rad64.Plo"; else rm -f ".deps/rad64.Tpo"; exit 1; fi pwauth.c: In function `pw_auth': pwauth.c:155: error: too few arguments to function `skeychallenge' pwauth.c:263: warning: passing arg 2 of `skeyverify' discards qualifiers from pointer target type make[2]: *** [pwauth.lo] Error 1 make[2]: *** Waiting for unfinished jobs.... i686-pc-linux-gnu-gcc -I. -I. -I.. -march=athlon-xp -O3 -pipe -MT rad64.lo -MD-MP -MF .deps/rad64.Tpo -c rad64.c -o rad64.o make[2]: Leaving directory `/var/tmp/portage/shadow-4.0.5/work/shadow-4.0.5/lib' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/shadow-4.0.5/work/shadow-4.0.5' make: *** [all] Error 2 !!! ERROR: sys-apps/shadow-4.0.5 failed. !!! Function src_compile, Line 70, Exitcode 2 !!! compile problem emerge info Portage 2.0.51-r2 (default-x86-2004.2, gcc-3.4.2, glibc-2.3.4.20041021-r0, 2.6.9-gentoo-r1 i686) ================================================================= System uname: 2.6.9-gentoo-r1 i686 AMD Athlon(tm) processor Gentoo Base System version 1.6.4 ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.92.0.2-r1 Headers: sys-kernel/linux26-headers-2.6.8.1-r1 Libtools: sys-devel/libtool-1.5.2-r5 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -O3 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs buildpkg ccache clean distcc distlocks fixpackages sandboxuserpriv usersandbox" GENTOO_MIRRORS="http://gentoo.mirror.sdv.fr http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.heanet.ie/pub/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.uk.gentoo.org/gentoo-portage" USE="3dnow 3dnowex X X509 aac aalib acl acpi acpi4linux aim alsa apm aredmem arts audiofile avantgo avi berkdb bitmap-fonts bluetooth bonobo bootspla cddb cdparanoia cdr chroot codecs crypt ctype cups curl dga dio directfb divx4linux dvb dvd dvdr dvdread encode esd ethereal evo exif ext-zlib extensions f77 faac faad fam fbcon fftw flac foomaticdb freetype gd gdbm gif gimp gimpprint gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml icq idea ieee1394 imagemagick imlib imlib2 innodbipv6 irda irmc ithreads jabber java joystick jpeg jpeg2k kde ldap libg++ libwwwlive lm_sensors lzo lzw-tiff mad mikmod mime mmx mmx2 mng monkey motif mozcalendar mozilla mozp3p mozsvg mozxmlterm mpeg mpeg4 msn mysql nas ncurses network nls no-old-linux nocd nptl nvidia offensive oggvorbis ooo-kde opengl opie oscar oss pam pcap pcre pda pdflib perl pic png postgres prelink pthreads python qt quicktime readline samba scanner sdl silc skey slang smime sockets sox speedo speex spell sse ssl svg svga t1lib tcltk tcpd tga theora threads tiff transcode truetype type1 usb uudeview v4l v4l2 vim-with-x wifi wmf x86 xfs xine xml2 xmms xosd xscreensaver xv xvid yahoo zlib zvbi linguas_en_GB" Let the arch race begin... Please test and mark shadow-4.0.5 stable Doesn't build with skey support in sparc... pwauth.c: In function `pw_auth': pwauth.c:155: error: too few arguments to function `skeychallenge' Same for ppc with skey enabled. well, like i said in comment #7, skey is being handled at Bug 69741 already and, it's fixed now ... so sync up and test Yes, now it works. So, stable on ppc. Stable on alpha. sparc stable. marked stable for a arm/hppa/ia64/s390/x86 stable on ppc64 stable amd64 from CVS log: 1.4 Tue Nov 2 18:46:30 2004 by kloczek CVS Tags: HEAD Diffs to 1.3 one word fix .. ommited "else" was removed. Now security bug which allow unauthorized account properties modification is realy closed. Diff to 4.0.5 available at http://cvs.pld.org.pl/shadow/libmisc/pwdcheck.c?r1=1.3&r2=1.4 supposed to be addressed in 4.0.6 vapier, could you provide an updated ebuild please? 4.0.5-r1 now in portage with patch MIPS should mark stable to benefit from GLSA Asked for clarification on Impact to Martin Schultze. GLSA 200411-09 mips, please mark stable to benefit from the GLSA mips stable. |