[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-09 Thread Launchpad Bug Tracker
This bug was fixed in the package cyrus-sasl2 - 2.1.25.dfsg1-6ubuntu0.1

---
cyrus-sasl2 (2.1.25.dfsg1-6ubuntu0.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid salt (LP: #1187001)
    - debian/patches/CVE-2013-4122.patch: properly handle glibc returning
      NULL on an invalid salt in pwcheck/pwcheck_getpwnam.c,
      pwcheck/pwcheck_getspnam.c, saslauthd/auth_getpwent.c,
      saslauthd/auth_shadow.c.
    - CVE-2013-4122

 -- Marc Deslauriers  Mon, 07 Oct 2013 08:40:56 -0400

** Changed in: cyrus-sasl2 (Ubuntu Raring)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1187001

Title:
  saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in
  libc-2.17.so[b7160000+1ad000]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1187001/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-07 Thread Marc Deslauriers
This issue only affects Raring and newer. Already fixed in saucy.

** Also affects: cyrus-sasl2 (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: cyrus-sasl2 (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: cyrus-sasl2 (Ubuntu Quantal)
   Importance: Undecided
   Status: New

** Also affects: cyrus-sasl2 (Ubuntu Saucy)
   Importance: High
   Status: Confirmed

** Also affects: cyrus-sasl2 (Ubuntu Raring)
   Importance: Undecided
   Status: New

** Changed in: cyrus-sasl2 (Ubuntu Lucid)
   Status: New => Invalid

** Changed in: cyrus-sasl2 (Ubuntu Precise)
   Status: New => Invalid

** Changed in: cyrus-sasl2 (Ubuntu Raring)
   Importance: Undecided => Medium

** Changed in: cyrus-sasl2 (Ubuntu Raring)
   Status: New => Confirmed

** Changed in: cyrus-sasl2 (Ubuntu Raring)
   Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: cyrus-sasl2 (Ubuntu Quantal)
   Status: New => Invalid

** Changed in: cyrus-sasl2 (Ubuntu Saucy)
   Status: Confirmed => Fix Released



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-04 Thread Seth Arnold
Mancha, thanks! I'm sorry I overlooked it. (Even worse, I did the triage
way back when I forgot about it in the meantime:
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4122.html
)



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-04 Thread mancha
I just updated the upstream bugzilla report to reflect the CVE
assignment and link my point release patches.

https://bugzilla.cyrusimap.org/show_bug.cgi?id=3803


** Bug watch added: bugzilla.cyrusimap.org/ #3803
   http://bugzilla.cyrusimap.org/show_bug.cgi?id=3803



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-04 Thread mancha
Hi. This issue was assigned CVE-2013-4122:
http://openwall.com/lists/oss-security/2013/07/13/1

--mancha

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4122



Re: [Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-04 Thread HappyCamper
On 02/10/2013 08:09, Seth Arnold wrote:
> Are you confident about multi-threading? I don't see any linker commands
> to link against the threading libraries in our build logs:
> https://launchpadlibrarian.net/92810645/buildlog_ubuntu-precise-amd64.cyrus-sasl2_2.1.25.dfsg1-3_BUILDING.txt.gz
> and I also see extensive use of fork(2) in the upstream git:
> http://git.cyrusimap.org/cyrus-sasl/tree/saslauthd/saslauthd-main.c?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
>
> From just the five minutes I've looked, I'd say it looks like usual
> Unix-style preforking server, not threaded server.

Hi

I'm not an expert on this. But when compiled with --with-ipctype=doors 
it will use pthreads. Also, the auth_shadow.c contains #ifdef _REENTRANT
directives, suggesting possible multi-threaded use.

So someone (perhaps upstream) should make sure the code is safe to use 
in all configurations.

CU,
 Arno



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-02 Thread chud
I think default THREADS=5 in /etc/default/saslauthd, after these all crash [as
above] then that's the end of SASL working. (at least that is what happened for
me, repeatedly).
Setting this to THREADS=0 has worked around the issue (for me anyway) as it
makes it fork instead.



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-01 Thread Seth Arnold
Are you confident about multi-threading? I don't see any linker commands
to link against the threading libraries in our build logs:
https://launchpadlibrarian.net/92810645/buildlog_ubuntu-precise-amd64.cyrus-sasl2_2.1.25.dfsg1-3_BUILDING.txt.gz
and I also see extensive use of fork(2) in the upstream git:
http://git.cyrusimap.org/cyrus-sasl/tree/saslauthd/saslauthd-main.c?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d

From just the five minutes I've looked, I'd say it looks like usual
Unix-style preforking server, not threaded server.

Thanks



Re: [Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-01 Thread HappyCamper
Hi

Thanks. Also note the use of crypt() in a multithreaded application.
Must be crypt_r().

CU,
  Arno

Seth Arnold <1187...@bugs.launchpad.net> wrote:
>I think this hasn't been addressed in part because it didn't get a CVE
>number: http://openwall.com/lists/oss-security/2013/07/12/4
>
>Since the service appears to be restarting without qualm, I can see why
>it didn't get a CVE, but this does seem less than awesome.
>
>Mancha made a lot of patches for services when the crypt() change
>happened, here's an email from him with upstream patch and two
>backported patches: http://openwall.com/lists/oss-security/2013/07/12/3


[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-01 Thread Seth Arnold
I think this hasn't been addressed in part because it didn't get a CVE
number: http://openwall.com/lists/oss-security/2013/07/12/4

Since the service appears to be restarting without qualm, I can see why
it didn't get a CVE, but this does seem less than awesome.

Mancha made a lot of patches for services when the crypt() change
happened, here's an email from him with upstream patch and two
backported patches: http://openwall.com/lists/oss-security/2013/07/12/3



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-10-01 Thread Seth Arnold
** Information type changed from Public to Public Security



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-08-16 Thread HappyCamper
BTW, shouldn't saslauthd use crypt_r(), it being a multi-threaded
beasty? ;o)



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-08-16 Thread HappyCamper
Hi all

I can reproduce the problem when I run saslauthd with authmech shadow:

saslauthd -a shadow

and then try to authenticate users that have a crippled /etc/shadow
entry. By crippled I mean ! or * as password entry, as for root, mail,
nobody.

When I run the 2.1.25 stock source with debugging symbols in gdb with
"-a shadow -n 1 -d -m /var/run/saslauthd/mux" as param, I get:

Program received signal SIGSEGV, Segmentation fault.
0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
(gdb) where
#0  0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
#1  0xb7e6e326 in strdup () from /lib/i386-linux-gnu/libc.so.6
#2  0x0804b910 in auth_shadow (login=0xb098 "root", 
password=0xb199 "dfsdf", service=0xb29a "ldap", 
realm=0xb39b "") at auth_shadow.c:188
#3  0x0804ed3f in do_auth (_login=_login@entry=0xb098 "root", 
password=password@entry=0xb199 "dfsdf", 
service=service@entry=0xb29a "ldap", realm=realm@entry=0xb39b "")
at saslauthd-main.c:410
#4  0x0804dd17 in do_request (conn_fd=conn_fd@entry=9) at ipc_unix.c:426
#5  0x0804e547 in ipc_loop () at ipc_unix.c:277
#6  0x080499c1 in main (argc=8, argv=0xb5e4) at saslauthd-main.c:369

Offending line is:

  cpw = strdup((const char *)crypt(password, sp->sp_pwdp));

where crypt() returns NULL for the crippled shadow entries. Proposed
patch:

  char *encpwd = crypt(password, sp->sp_pwdp);
  if (encpwd == NULL) {
      if (flags & VERBOSE) {
          syslog(LOG_DEBUG, "DEBUG: auth_shadow: crypt returned NULL");
      }
      RETURN("NO");
  }
  cpw = strdup((const char *)encpwd);

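The NULL check from the report above, as a stand-alone added example (not code from cyrus-sasl or from any poster in this thread). `verify_shadow`, `crypt_fn` and `stub_crypt` are hypothetical names, and `stub_crypt` is a constructed stand-in that imitates crypt() returning NULL for `!` and `*` entries so the block builds without libcrypt.

```c
/* Added example, not cyrus-sasl code. verify_shadow, crypt_fn and
 * stub_crypt are hypothetical names used only for this illustration. */
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); real code would pass crypt (link -lcrypt). */
typedef char *(*crypt_fn)(const char *key, const char *setting);

enum auth_result { AUTH_OK, AUTH_NO, AUTH_ERROR };

/* Constructed stand-in for crypt(): returns NULL for a setting that is not
 * a valid salt, as crypt() does for "!" and "*" shadow entries in this bug.
 * The "hash" is just two salt characters plus the key; it is a toy. */
static char *stub_crypt(const char *key, const char *setting)
{
    static char out[256];
    if (strlen(setting) < 2 || setting[0] == '!' || setting[0] == '*')
        return NULL;
    snprintf(out, sizeof out, "%c%c%s", setting[0], setting[1], key);
    return out;
}

/* Compare a candidate password against a stored shadow field without
 * ever handing a NULL crypt() result to a string function. */
enum auth_result verify_shadow(crypt_fn do_crypt, const char *password,
                               const char *stored)
{
    const char *encpwd;

    if (do_crypt == NULL || password == NULL || stored == NULL)
        return AUTH_ERROR;
    encpwd = do_crypt(password, stored);
    if (encpwd == NULL)   /* locked or malformed entry: deny, do not crash */
        return AUTH_NO;
    return strcmp(stored, encpwd) == 0 ? AUTH_OK : AUTH_NO;
}

int main(void)
{
    /* Constructed shadow fields: two locked entries and one toy hash. */
    const char *fields[] = { "!", "*", "absecret" };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        printf("%-10s -> %d\n", fields[i],
               verify_shadow(stub_crypt, "secret", fields[i]));
    return 0;
}
```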


[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-06-13 Thread chud
If anyone else is suffering this, I installed fail2ban as a
workaround; the attacker's IP gets banned before SASL falls over.



[Bug 1187001] Re: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]

2013-06-04 Thread Yolanda Robla
** Changed in: cyrus-sasl2 (Ubuntu)
   Status: New => Confirmed

** Changed in: cyrus-sasl2 (Ubuntu)
   Importance: Undecided => High
