Package: php5-auth-pam
Version: 0.4-10
I have installed package 'php5-auth-pam' and then used the test script included
in the package to check if the new PHP function pam_auth() is working properly.
The content of my test script 'pam_auth.php' is:
<?php
$username = 'test';
$password = 'secret';
$error = '';
echo "\n\n";
if (pam_auth($username, $password, &$error)) {
    echo "Yeah baby, we're authenticated!";
} else {
    echo $error;
}
?>
If I call function pam_auth() with an invalid username/passwd, the test script
is executed properly.
If I call function pam_auth() with a valid username/passwd, the script is
terminated prematurely and a heap overflow error is logged into
'/var/log/apache2/error.log'.
Here is an excerpt from apache error log file [I have first restarted apache
and then called the script 'pam_auth.php']:
[Tue Sep 22 15:06:56 2009] [notice] caught SIGTERM, shutting down
[Tue Sep 22 15:07:05 2009] [notice] Apache/2.2.13 (Debian) DAV/2 SVN/1.6.3 PHP/5.2.10-2.2 with Suhosin-Patch mod_ssl/2.2.13 OpenSSL/0.9.8k configured -- resuming normal operations
[Tue Sep 22 15:08:44 2009] [error] [client 192.168.8.10] ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.168.8.10', file '/home/piet/public_html/pam_auth.php')
Here is a list of installed packages related to apache and PHP:
dpkg -l '*php*' '*apach*' | grep ^ii
ii  apache2                        2.2.13-1           Apache HTTP Server metapackage
ii  apache2-doc                    2.2.13-1           Apache HTTP Server documentation
ii  apache2-mpm-prefork            2.2.13-1           Apache HTTP Server - traditional non-threaded model
ii  apache2-utils                  2.2.13-1           utility programs for webservers
ii  apache2.2-bin                  2.2.13-1           Apache HTTP Server common binary files
ii  apache2.2-common               2.2.13-1           Apache HTTP Server common files
ii  libapache2-mod-auth-pam        1.1.1-8            module for Apache2 which authenticate using PAM
ii  libapache2-mod-auth-sys-group  1.1.1-8            Module for Apache2 which checks user against system group
ii  libapache2-mod-php5            5.2.10.dfsg.1-2.2  server-side, HTML-embedded scripting language (Apache 2 module)
ii  libapache2-svn                 1.6.3dfsg-1        Subversion server modules for Apache
ii  php-auth                       1.6.1-1            PHP PEAR modules for creating an authentication system
ii  php-doc                        20081024-1         Documentation for PHP5
ii  php-pear                       5.2.10.dfsg.1-2.2  PEAR - PHP Extension and Application Repository
ii  php5                           5.2.10.dfsg.1-2.2  server-side, HTML-embedded scripting language (metapackage)
ii  php5-auth-pam                  0.4-10             A PHP5 extension for PAM authentication
ii  php5-cli                       5.2.10.dfsg.1-2.2  command-line interpreter for the php5 scripting language
ii  php5-common                    5.2.10.dfsg.1-2.2  Common files for packages built from the php5 source
ii  php5-dev                       5.2.10.dfsg.1-2.2  Files for PHP5 module development
ii  php5-ldap                      5.2.10.dfsg.1-2.2  LDAP module for php5
ii  phpldapadmin                   1.1.0.7-1          web based interface for administering LDAP servers
--
Peter
<[email protected]>
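
A triage helper for the error-log format quoted in the report, as an added example that is not part of the original report or of the Suhosin or php5-auth-pam code: it re-joins entries wrapped by a mail client and extracts the fields of each Suhosin ALERT entry. The function names, the optional ", line N" field and the last sample entry are assumptions.

```python
import re
from collections import Counter

# First two entries: taken from the report, wrapped as the mail client left them.
# Last entry: constructed, to show that ordinary Apache errors are ignored.
SAMPLE_LOG = """\
[Tue Sep 22 15:07:05 2009] [notice] Apache/2.2.13 (Debian) DAV/2 SVN/1.6.3
PHP/5.2.10-2.2 with Suhosin-Patch mod_ssl/2.2.13 OpenSSL/0.9.8k configured --
resuming normal operations
[Tue Sep 22 15:08:44 2009] [error] [client 192.168.8.10] ALERT - canary
mismatch on efree() - heap overflow detected (attacker '192.168.8.10', file
'/home/piet/public_html/pam_auth.php')
[Tue Sep 22 15:09:10 2009] [error] [client 192.168.8.10] File does not exist: /var/www/favicon.ico
"""

# Shape of a Suhosin ALERT entry as it appears in the report. The optional
# ", line N" suffix is an assumption; the quoted entry does not carry one.
ALERT_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"ALERT - (?P<message>.*) "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)'"
    r"(?:, line (?P<line>\d+))?\)\s*$"
)

def unwrap(text):
    """Re-join wrapped entries: a new log entry always starts with '['."""
    entries = []
    for raw in text.splitlines():
        if raw.startswith("[") or not entries:
            entries.append(raw.rstrip())
        else:
            entries[-1] += " " + raw.strip()
    return entries

def suhosin_alerts(text):
    """Return one dict of fields per Suhosin ALERT entry in the log text."""
    matches = (ALERT_RE.match(entry) for entry in unwrap(text))
    return [m.groupdict() for m in matches if m]

def canary_alerts_by_script(alerts):
    """Count canary-mismatch alerts per PHP script to locate the failing code path."""
    return Counter(a["file"] for a in alerts if "canary mismatch" in a["message"])

if __name__ == "__main__":
    found = suhosin_alerts(SAMPLE_LOG)
    for a in found:
        print(a["time"], a["client"], a["file"], a["message"], sep=" | ")
    print(dict(canary_alerts_by_script(found)))
```

The "attacker" field in the quoted entry equals the client address, so the count per script is the more useful signal when a local extension, rather than a hostile request, trips the canary check.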