Open Source and information security mailing list archives
 
Message-ID: <20031113122315.5087.qmail@sf-www3-symnsj.securityfocus.com>
Date: 13 Nov 2003 12:23:15 -0000
From: <das@...isionsoft.com>
To: bugtraq@...urityfocus.com
Subject: Minor OpenSSH/pam vuln (non-exploitable)




The home page of the one-time password system (or otpw -- http://www.cl.cam.ac.uk/~mgk25/otpw.html) has info about how OpenSSH doesn't correctly return PAM_CONV_ERR when a user cancels a login, but instead incorrectly calls pam_end(), having the side effect that memory is not correctly scrubbed (or who knows what for other PAM modules). This info comes directly from the aforementioned website.

This has been reported via the appropriate bugzilla (http://bugzilla.mindrot.org/show_bug.cgi?id=632) but not yet fixed. 

If there are any hardware security tokens (for example) which might fail to go back to a locked state due to this bug, then it might introduce an exploitable vulnerability in that situation. Otherwise, it just fails to provide all the security assurances it should (with respect to scrubbing the RAM).

If anyone who knows more about PAM and OpenSSH has any further analysis to add, it would be much appreciated.
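
The behaviour the message says is expected on cancel, as an added example that is not part of the original post and is not OpenSSH or otpw code: a conversation callback that scrubs any replies already collected and returns PAM_CONV_ERR, leaving pam_end() to the application after pam_authenticate() has returned. The names `scripted_input`, `scrub`, `drop_replies` and `cancel_aware_conv` are hypothetical, and the PAM types and constants are local stand-ins mirroring Linux-PAM's header.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins mirroring Linux-PAM's <security/pam_appl.h> so this compiles
   without libpam; a real application includes that header instead. */
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };

/* Hypothetical appdata: scripted answers, a NULL entry = user cancelled. */
struct scripted_input { const char **answers; int next; };

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void scrub(char *p, size_t n) {
    volatile char *v = p;
    while (n--) *v++ = 0;
}

/* Scrub and free the first n replies, then the array itself. */
static void drop_replies(struct pam_response *r, int n) {
    for (int i = 0; i < n; i++) {
        scrub(r[i].resp, strlen(r[i].resp));
        free(r[i].resp);
    }
    free(r);
}

/* Conversation callback. On cancel it cleans up and reports PAM_CONV_ERR;
   it never calls pam_end() itself, so the module can unwind normally. */
int cancel_aware_conv(int num_msg, const struct pam_message **msg,
                      struct pam_response **resp, void *appdata_ptr) {
    struct scripted_input *in = appdata_ptr;
    (void)msg; /* prompts are not displayed in this scripted example */
    if (num_msg <= 0 || !in) return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)num_msg, sizeof *r);
    if (!r) return PAM_BUF_ERR;
    for (int i = 0; i < num_msg; i++) {
        const char *a = in->answers[in->next];
        size_t len = a ? strlen(a) + 1 : 0;
        if (a) { in->next++; r[i].resp = malloc(len); }
        if (!a || !r[i].resp) {          /* cancelled, or out of memory */
            drop_replies(r, i);          /* earlier secrets are wiped */
            *resp = NULL;
            return a ? PAM_BUF_ERR : PAM_CONV_ERR;
        }
        memcpy(r[i].resp, a, len);
    }
    *resp = r;                           /* caller (the module) owns r now */
    return PAM_SUCCESS;
}
```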

