SUSE-SU-2025:0689-1

Published: 24 Feb 2025
Source: suse-cvrf

Description

Security update for pam_pkcs11

This update for pam_pkcs11 fixes the following issues:

  • CVE-2025-24032: default value for cert_policy (none) allows for authentication bypass (bsc#1237062).
  • CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058).

Package list

Image SLES15-SP6-Hardened-BYOS
pam_pkcs11-0.6.10-150600.16.3.1
Image SLES15-SP6-Hardened-BYOS-GCE
pam_pkcs11-0.6.10-150600.16.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
pam_pkcs11-0.6.10-150600.16.3.1
pam_pkcs11-32bit-0.6.10-150600.16.3.1
openSUSE Leap 15.6
pam_pkcs11-0.6.10-150600.16.3.1
pam_pkcs11-32bit-0.6.10-150600.16.3.1
pam_pkcs11-devel-doc-0.6.10-150600.16.3.1

Description

PAM-PKCS#11 is a Linux-PAM login module that allows an X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.


Affected products
Image SLES15-SP6-Hardened-BYOS-GCE:pam_pkcs11-0.6.10-150600.16.3.1
Image SLES15-SP6-Hardened-BYOS:pam_pkcs11-0.6.10-150600.16.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:pam_pkcs11-0.6.10-150600.16.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:pam_pkcs11-32bit-0.6.10-150600.16.3.1

Description

PAM-PKCS#11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now log in as the user with that created token. The default to *not* check the private key's signature has been changed with commit 6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`.
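
A check for the workaround above, as an added example (not part of the advisory or of pam_pkcs11): it scans the text of a `pam_pkcs11.conf` for active `cert_policy` settings and reports any that do not require `signature`. The sample configurations and the module path in them are constructed, and treating a list that contains `none` as weak is a conservative assumption of this example.

```python
import re

def cert_policies(conf_text):
    """Return (line_number, [policy, ...]) for every active cert_policy setting."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # pam_pkcs11.conf comments start with '#'
        m = re.search(r"\bcert_policy\s*=\s*([^;]*)", line)
        if m:
            values = [v.strip().lower() for v in m.group(1).split(",") if v.strip()]
            found.append((lineno, values))
    return found

def audit(conf_text):
    """Return findings; an empty list means every setting demands a signature."""
    settings = cert_policies(conf_text)
    if not settings:
        return ["cert_policy not set: affected versions default to none"]
    findings = []
    for lineno, values in settings:
        # Conservative choice of this example: 'none' anywhere in the list is weak.
        if "signature" not in values or "none" in values:
            findings.append(f"line {lineno}: cert_policy = {','.join(values)}")
    return findings

# Constructed sample configurations (not taken from any real system).
WEAK_CONF = """\
pam_pkcs11 {
  use_pkcs11_module = opensc;
  pkcs11_module opensc {
    module = /usr/lib64/opensc-pkcs11.so;
    # cert_policy = ca,signature;
    cert_policy = none;
  }
}
"""
FIXED_CONF = WEAK_CONF.replace("cert_policy = none;", "cert_policy = ca,signature;")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit(conf) or "ok")
```

A commented-out `cert_policy` line is ignored, so a configuration that only documents the safe value in a comment is still reported.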


Affected products
Image SLES15-SP6-Hardened-BYOS-GCE:pam_pkcs11-0.6.10-150600.16.3.1
Image SLES15-SP6-Hardened-BYOS:pam_pkcs11-0.6.10-150600.16.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:pam_pkcs11-0.6.10-150600.16.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:pam_pkcs11-32bit-0.6.10-150600.16.3.1
