Public bug reported:
When using sasl2-bin and saslauthd it will fail to work correctly with pam.
The first major problem is that that it will fail to report the rhost
address in the log which means auth failures cannot be policed and no
useful data (the ip address) is reported to the log file. Example below
during a password brute force attempt.
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): check pass; user
unknown
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=
The other issue is that it would be great to be able to ip restrict
logins based on pam module configuration. Based on previous reading and
as far as I can tell the remote ip address is not supported between the
imap/pop/smtp process and sasl2 is it possible to add support for this?
Technically this is a long standing security issue because fail2ban
cannot be used to process the syslog file and auto block the host during
brute force password attempts.
** Affects: cyrus-sasl2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: auth imap pam pop3 saslauthd sendmail
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1657897
Title:
Failure to report rhosts
Status in cyrus-sasl2 package in Ubuntu:
New
Bug description:
When using sasl2-bin and saslauthd it will fail to work correctly with pam.
The first major problem is that that it will fail to report the rhost
address in the log which means auth failures cannot be policed and no
useful data (the ip address) is reported to the log file. Example
below during a password brute force attempt.
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): check pass; user
unknown
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=
The other issue is that it would be great to be able to ip restrict
logins based on pam module configuration. Based on previous reading
and as far as I can tell the remote ip address is not supported
between the imap/pop/smtp process and sasl2 is it possible to add
support for this?
Technically this is a long standing security issue because fail2ban
cannot be used to process the syslog file and auto block the host
during brute force password attempts.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1657897/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
