Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Linux PAM 0.6.9 Authentication Replay Vulnerability

🗓️ 17 Aug 2018 00:00:00Reported by Eric SesterhennType 
zdt
 zdt🔗 0day.today👁 89 Views

Linux PAM 0.6.9 Authentication Replay Vulnerability, Buffer Overflow, Memory not cleaned properly before free(

Code
Multiple Vulnerabilities in pam_pkcs11
======================================


Overview
- --------
Confirmed Affected Versions: 0.6.9
Confirmed Patched Versions: -
Vendor: Unmaintained
Vendor URL: https://github.com/OpenSC/pampkcs11
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-003-pampkcs11/


Summary and Impact
- ------------------
It is possible to replay an authentication by using a specially
prepared smartcard or token in case pam-pkcs11 is compiled with NSS
support. Furthermore two minor implementation issues have been identified.
X41 did not perform a full test or audit on the software.


Product Description
- -------------------
This Linux-PAM login module allows a X.509 certificate based user
login. The certificate and its dedicated private key are thereby
accessed by means of an appropriate PKCS #11 module. For the
verification of the users' certificates, locally stored CA
certificates as well as either online or locally accessible CRLs are
used.

Authentication Replay
=====================
Severity Rating: High
Vector: Login attempt at compromised machine
CVE: -
CWE: 125
CVSS Score: 7.0 (High)
CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N


Summary and Impact
- ------------------
A replay attack is possible due to a logic bug in file pampkcs11.c. In
function `pamsmauthenticate()a nonce is generated and signed with the
card to verify that the card holds the matching secret key, if a valid
certifiate is found. This is done using the functiongetrandomvalue(),
which in turn callsPK11GenerateRandom()`, which queries the smartcard
for random data.
This allows for a replay attack with a malicious smartcard. If a user
plugins in his card into a compromised computer, the nonce and answer
can be recorded by an attacker. The attacker then modifies a smartcard
or a smartcard emulator to replay with the exact same nonce and signed
data, which allows the attacker to login to another computer without
having further access to the smartcard.


Workarounds
- -----------
Switch to pam_p11.

Buffer Overflow
===============
Severity Rating: Low
Vector: Overly long user home directory
CVE: -
CWE: 121
CVSS Score: -
CVSS Vector: -


Summary and Impact
- ------------------
In file opensshmapper.c a stack based buffer overflow is possible if a
user has a home directory with a length of more than 512 bytes. This
allows to overwrite the passwd structure and possibly the return
address in `opensshmappermatchuser()`;

{% highlight c %}
opensshmapper.c
static int opensshmappermatchuser(X509 *x509, const char *user, void
*context) {
        struct passwd *pw;
        char filename[512];
        if (!x509) return -1;
        if (!user) return -1;
        pw = getpwnam(user);
        if (!pw || isemptystr(pw->pwdir) ) {
            DBG1("User '%s' has no home directory",user);
            return -1;
        }
        sprintf(filename,"%s/.ssh/authorizedkeys",pw->pwdir);
        return opensshmappermatchkeys(x509,filename);
}
{% endhighlight %}


Workarounds
- -----------
Switch to pam_p11.

Memory not cleaned properly before free()
=========================================
Severity Rating: Low
Vector: -
CVE: -
CWE: 244
CVSS Score: -
CVSS Vector: -
_

Summary and Impact
- ------------------
In several places memory is set to zero using memset() and passed on
to free() afterwards. This is a pattern which modern compilers
optimize away, which renders the call to memset() useless. This causes
sensitive data such as passwords to remain in the memory, which
defeats the original intention of the code.

{% highlight c %}
   memset(password, 0, strlen(password));
   free(password);
{% endhighlight %}


Workarounds
- -----------
Switch to pam_p11.

Timeline
========
2018-02-03 Issues found
2018-04-18 Vendor contacted
2018-04-18 Vendor reply
2018-05-18 Technical details provided
2018-05-24 Private git branch created, issues fixed
2018-08-08 Patched version released at
https://github.com/x41sec/pam_pkcs11
2018-08-11 Advisory released

#  0day.today [2018-08-19]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 2018 00:00Current
6.8Medium risk
Vulners AI Score6.8
pam-pkcs11nss supportx.509 certificatereplay attacksmartcardloginbuffer overflowuser home directorymemory management
89