oss-sec mailing list archives
CVE request: Cyrus-sasl NULL ptr. dereference
From: "mancha" <mancha1 () hush com>
Date: Fri, 12 Jul 2013 15:27:18 +0000
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/ NULL return) if the salt violates specifications. Additionally, on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords passed to crypt() fail with EPERM (w/ NULL return). When authenticating against Cyrus-sasl via mechanisms that use glibc's crypt (e.g. getpwent or shadow auth. mechs), and this crypt() returns a NULL as glibc 2.17+ does on above-described input, the client crashes the authentication daemon resulting in a DoS. Upstream fix: http://git.cyrusimap.org/cyrus- sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Backported fixes (versions 2.1.23 & 2.1.26): http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus -sasl-2.1.23-glibc217-crypt.diff http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus -sasl-2.1.26-glibc217-crypt.diff Many thanks, --mancha
Current thread:
- CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Sebastian Krahmer (Jul 15)
- <Possible follow-ups>
- Re: CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Kurt Seifried (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)