Bug 829456 (CVE-2013-4122) - VUL-0: cyrus-sasl: CVE-2013-4122: crypt() NULL ptr deref
Summary: VUL-0: cyrus-sasl: CVE-2013-4122: crypt() NULL ptr deref
Status: VERIFIED INVALID
Alias: CVE-2013-4122
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Ralf Haferkamp
QA Contact: Security Team bot
Reported: 2013-07-15 08:20 UTC by Sebastian Krahmer
Modified: 2019-04-15 07:16 UTC
Description Sebastian Krahmer 2013-07-15 08:20:26 UTC
Via OSS-sec:

Date: Fri, 12 Jul 2013 15:27:18 +0000
To: oss-security
From: mancha
Subject: [oss-security] CVE request: Cyrus-sasl NULL ptr. dereference


Starting with glibc 2.17 (eglibc 2.17), crypt() fails with
EINVAL (w/ NULL return) if the salt violates specifications.
Additionally, on FIPS-140 enabled Linux systems, DES/MD5-encrypted
passwords passed to crypt() fail with EPERM (w/ NULL return).

When authenticating against Cyrus-sasl via mechanisms that use
glibc's crypt (e.g. getpwent or shadow auth. mechs), and this
crypt() returns a NULL as glibc 2.17+ does on above-described
input, the client crashes the authentication daemon resulting
in a DoS.

Upstream fix:
http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d

Backported fixes (versions 2.1.23 & 2.1.26):
http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.23-glibc217-crypt.diff
http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.26-glibc217-crypt.diff

Many thanks,

--mancha
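
The failure mode described in the report, as an added example that is not part of the original post and is not cyrus-sasl's code: an unchecked comparison of crypt()'s result beside a NULL-safe one. The names `stub_crypt`, `check_unchecked` and `check_password` are hypothetical, and the stub is a constructed stand-in for crypt() so the block runs without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(3) on glibc 2.17+: NULL with EINVAL when the
 * two salt characters are outside [a-zA-Z0-9./]. Its "hash" is just salt+key. */
char *stub_crypt(const char *key, const char *salt)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    static char out[128];
    if (!salt[0] || !salt[1] || !strchr(ok, salt[0]) || !strchr(ok, salt[1])) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "%.2s%s", salt, key);
    return out;
}

/* Crashing pattern: a NULL return from crypt() goes straight into strcmp(). */
int check_unchecked(const char *pw, const char *stored, crypt_fn fn)
{
    return strcmp(fn(pw, stored), stored) == 0;
}

/* Hardened: NULL is an authentication failure; *err receives errno. */
int check_password(const char *pw, const char *stored, crypt_fn fn, int *err)
{
    char *h;
    errno = 0;
    h = fn(pw, stored);
    *err = (h == NULL) ? errno : 0;
    return h != NULL && strcmp(h, stored) == 0;
}

int main(void)
{
    int err, r;
    /* Constructed inputs: "absecret" is a valid stub hash, "!" is not a valid salt. */
    printf("good=%d\n", check_password("secret", "absecret", stub_crypt, &err));
    printf("bad=%d\n", check_password("wrong", "absecret", stub_crypt, &err));
    r = check_password("secret", "!", stub_crypt, &err);
    printf("null=%d errno=%d\n", r, err);
    return 0;
}
```
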
Comment 1 Sebastian Krahmer 2013-07-15 08:21:45 UTC
CVE-2013-4122
Comment 2 Swamp Workflow Management 2013-07-15 22:00:27 UTC
bugbot adjusting priority
Comment 3 Sebastian Krahmer 2013-07-17 13:09:13 UTC
does not affect us