Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 69212 - sys-apps/shadow: "passwd_check()" security bypass vulnerability
Summary: sys-apps/shadow: "passwd_check()" security bypass vulnerability
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on:
Reported: 2004-10-27 21:44 UTC by SpanKY
Modified: 2004-11-07 01:53 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description SpanKY gentoo-dev 2004-10-27 21:44:56 UTC
summary says it all
Comment 1 SpanKY gentoo-dev 2004-10-28 18:35:08 UTC
ok method, 4.0.5 is now in portage with KEYWORDS=-*

verify it's selinux happy and move it into unstable please ;)
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-29 06:17:06 UTC
assigning to security since it is fixing a sec issue:

from CVS log for shadow/libmisc/pwdcheck.c:
1.3 Wed Jun 2 23:50:10 2004  by kloczek
CVS Tags: ver-4_0_5, HEAD
Diffs to 1.2

Fixed securirty bug which allow unauthorized account properties modification.
Affected tools: chfn and chsh.
Bug was discovered by Martin Schulze <>.

Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-10-29 08:04:07 UTC
Keeping it at [ebuild] level until package in moved to ~.
Comment 4 Chris PeBenito (RETIRED) gentoo-dev 2004-11-01 06:15:55 UTC
its ok on the selinux side
Comment 5 SpanKY gentoo-dev 2004-11-01 06:55:19 UTC
now in unstable, ready for testing/stable
Comment 6 Colin Tinker 2004-11-01 10:25:49 UTC
It fails to compile with the following error:-

i686-pc-linux-gnu-gcc -I. -I. -I.. -march=athlon-xp -O3 -pipe -MT pwio.lo -MD -MP -MF .deps/pwio.Tpo -c pwio.c -o pwio.o
 i686-pc-linux-gnu-gcc -I. -I. -I.. -march=athlon-xp -O3 -pipe -MT pwauth.lo -MD -MP -MF .deps/pwauth.Tpo -c pwauth.c -o pwauth.o
if /bin/sh ../libtool --mode=compile --tag=CC i686-pc-linux-gnu-gcc  -I. -I. -I..     -march=athlon-xp -O3 -pipe -MT rad64.lo -MD -MP -MF ".deps/rad64.Tpo" -c -o rad64.lo rad64.c; \
then mv -f ".deps/rad64.Tpo" ".deps/rad64.Plo"; else rm -f ".deps/rad64.Tpo"; exit 1; fi
pwauth.c: In function `pw_auth':
pwauth.c:155: error: too few arguments to function `skeychallenge'
pwauth.c:263: warning: passing arg 2 of `skeyverify' discards qualifiers from pointer target type
make[2]: *** [pwauth.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
 i686-pc-linux-gnu-gcc -I. -I. -I.. -march=athlon-xp -O3 -pipe -MT rad64.lo -MD-MP -MF .deps/rad64.Tpo -c rad64.c -o rad64.o
make[2]: Leaving directory `/var/tmp/portage/shadow-4.0.5/work/shadow-4.0.5/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/shadow-4.0.5/work/shadow-4.0.5'
make: *** [all] Error 2

!!! ERROR: sys-apps/shadow-4.0.5 failed.
!!! Function src_compile, Line 70, Exitcode 2
!!! compile problem

emerge info

Portage 2.0.51-r2 (default-x86-2004.2, gcc-3.4.2, glibc-, 2.6.9-gentoo-r1 i686)
System uname: 2.6.9-gentoo-r1 i686 AMD Athlon(tm) processor
Gentoo Base System version 1.6.4
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-
Headers:  sys-kernel/linux26-headers-
Libtools: sys-devel/libtool-1.5.2-r5
CFLAGS="-march=athlon-xp -O3 -pipe"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe"
FEATURES="autoaddcvs buildpkg ccache clean distcc distlocks fixpackages sandboxuserpriv usersandbox"
USE="3dnow 3dnowex X X509 aac aalib acl acpi acpi4linux aim alsa apm aredmem arts audiofile avantgo avi berkdb bitmap-fonts bluetooth bonobo bootspla cddb cdparanoia cdr chroot codecs crypt ctype cups curl dga dio directfb divx4linux dvb dvd dvdr dvdread encode esd ethereal evo exif ext-zlib extensions f77 faac faad fam fbcon fftw flac foomaticdb freetype gd gdbm gif gimp gimpprint gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml icq idea ieee1394 imagemagick imlib imlib2 innodbipv6 irda irmc ithreads jabber java joystick jpeg jpeg2k kde ldap libg++ libwwwlive lm_sensors lzo lzw-tiff mad mikmod mime mmx mmx2 mng monkey motif mozcalendar mozilla mozp3p mozsvg mozxmlterm mpeg mpeg4 msn mysql nas ncurses network nls no-old-linux nocd nptl nvidia offensive oggvorbis ooo-kde opengl opie oscar oss pam pcap pcre pda pdflib perl pic png postgres prelink pthreads python qt quicktime readline samba scanner sdl silc skey slang smime sockets sox speedo speex spell sse ssl svg svga t1lib tcltk tcpd tga theora threads tiff transcode truetype type1 usb uudeview v4l v4l2 vim-with-x wifi wmf x86 xfs xine xml2 xmms xosd xscreensaver xv xvid yahoo zlib zvbi linguas_en_GB"
Comment 7 SpanKY gentoo-dev 2004-11-01 11:31:44 UTC
that's only with USE=skey and that's Bug 69741
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2004-11-01 11:54:18 UTC
Let the arch race begin... Please test and mark shadow-4.0.5 stable
Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-01 12:10:40 UTC
Doesn't build with skey support in sparc...

pwauth.c: In function `pw_auth':
pwauth.c:155: error: too few arguments to function `skeychallenge'
Comment 10 Lars Weiler (RETIRED) gentoo-dev 2004-11-01 16:48:58 UTC
Same for ppc with skey enabled.
Comment 11 SpanKY gentoo-dev 2004-11-01 18:20:48 UTC
well, like i said in comment #7, skey is being handled at Bug 69741 already

and, it's fixed now ... so sync up and test
Comment 12 Lars Weiler (RETIRED) gentoo-dev 2004-11-01 19:29:53 UTC
Yes, now it works.  So, stable on ppc.
Comment 13 Bryan Østergaard (RETIRED) gentoo-dev 2004-11-01 22:06:01 UTC
Stable on alpha.
Comment 14 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-02 03:23:20 UTC
sparc stable.
Comment 15 SpanKY gentoo-dev 2004-11-02 06:03:59 UTC
marked stable for a arm/hppa/ia64/s390/x86
Comment 16 Markus Rothe (RETIRED) gentoo-dev 2004-11-02 11:27:32 UTC
stable on ppc64
Comment 17 Jeremy Huddleston (RETIRED) gentoo-dev 2004-11-02 12:11:00 UTC
stable amd64
Comment 18 Matthias Geerdsen (RETIRED) gentoo-dev 2004-11-03 06:28:36 UTC
from CVS log:

1.4 Tue Nov 2 18:46:30 2004  by kloczek
Diffs to 1.3

one word fix .. ommited "else" was removed. Now security bug which allow
unauthorized account properties modification is realy closed.

Diff to 4.0.5 available at

supposed to be addressed in 4.0.6

vapier, could you provide an updated ebuild please?
Comment 19 SpanKY gentoo-dev 2004-11-03 10:00:08 UTC
4.0.5-r1 now in portage with patch
Comment 20 Thierry Carrez (RETIRED) gentoo-dev 2004-11-03 12:34:43 UTC
MIPS should mark stable to benefit from GLSA
Comment 21 Thierry Carrez (RETIRED) gentoo-dev 2004-11-03 13:35:47 UTC
Asked for clarification on Impact to Martin Schultze.
Comment 22 Matthias Geerdsen (RETIRED) gentoo-dev 2004-11-04 12:24:06 UTC
GLSA 200411-09

mips, please mark stable to benefit from the GLSA
Comment 23 Joshua Kinard gentoo-dev 2004-11-07 01:53:57 UTC
mips stable.