Public bug reported:

When authenticating some users, tac_plus will check system passwords,
and crash if the account is disabled.

To reproduce: set the system password (/etc/shadow) of a tac+
authenticated user to "!"; then try authenticating from a remote client
(in my case with pam_tacplus); the tac_plus server will fault inside
strcmp; first parameter passwd to strcmp is (NULL, ...) because
crypt(,"!") returned NULL.

Patch attached.

** Affects: tacacs+ (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "simple fix for disabled accounts"
   
https://bugs.launchpad.net/bugs/1435632/+attachment/4354024/+files/crypt.patch

** Description changed:

  When authenticating some users, tac_plus will check system passwords,
- and crash of the account is disabled.
+ and crash if the account is disabled.
  
  To reproduce: set the system password (/etc/shadow) of a tac+
  authenticated user to "!"; then try authenticating from a remote client
  (in my case with pam_tacplus); the tac_plus server will fault inside
  strcmp; first parameter passwd to strcmp is (NULL, ...) because
  crypt(,"!") returned NULL.
  
  Patch attached.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1435632

Title:
  segfault on disabled accounts

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tacacs+/+bug/1435632/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
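
Added example, not part of the report and not the attached patch: a NULL-safe password check for the failure described above, where crypt() returns NULL for a disabled "!" entry and the result reaches strcmp(). The names verify_password, crypt_fn and stub_crypt are hypothetical; stub_crypt is a constructed stand-in for crypt(3) so the block builds without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3); injected so the check runs without libcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(3): returns NULL for a setting string it
 * cannot parse, as the report describes for "!"; otherwise a fake hash. */
static char *stub_crypt(const char *key, const char *salt)
{
    static char out[128];
    if (strncmp(salt, "$6$demo$", 8) != 0)
        return NULL;
    snprintf(out, sizeof out, "$6$demo$%s", key);
    return out;
}

/* Hypothetical helper, not tac_plus code. Returns 1 only on a match;
 * 0 on mismatch, locked/disabled entry, or a failed hash computation. */
int verify_password(crypt_fn hash, const char *cleartext, const char *stored)
{
    const char *computed;
    size_t i, n;
    unsigned char diff = 0;

    if (cleartext == NULL || stored == NULL || stored[0] == '\0')
        return 0;
    if (stored[0] == '!' || stored[0] == '*')   /* locked shadow entry */
        return 0;
    computed = hash(cleartext, stored);
    if (computed == NULL || computed[0] == '*') /* NULL or failure token */
        return 0;                               /* never reaches a compare */
    n = strlen(stored);
    if (strlen(computed) != n)
        return 0;
    for (i = 0; i < n; i++)                     /* no early exit on mismatch */
        diff |= (unsigned char)(computed[i] ^ stored[i]);
    return diff == 0;
}

int main(void)
{
    printf("disabled: %d\n", verify_password(stub_crypt, "secret", "!"));
    printf("valid:    %d\n", verify_password(stub_crypt, "secret", "$6$demo$secret"));
    return 0;
}
```

In a real build, pass crypt itself as the first argument and link with -lcrypt.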
