Access to Linux with any password
An update from the developers of Linux-PAM fixes a vulnerability which could be exploited to outsmart the authentication process. The error was located in the function _unix_verify_password in the modules/pam_unix/support.c module. According to the error report, this made it possible, under certain circumstances, to log onto an account using any password. This circumstance only occurred, however, if the password hash in the /etc/passwd file or in /etc/shadow consisted of two exclamation marks (!!) or similar. Under Red Hat, for example, two exclamation marks are entered as the hash when an account is created until a password has been entered - the account should actually be blocked until this is done.
According to the developers, the error first appeared in version 0.99.7.0 and has been fixed in version 0.99.7.1. The developers recommend that PAM users update quickly.
Pluggable Authentication Modules (PAM) under Linux/Unix simplify user administration, because they are able to use other systems' login procedures. A pam_ldap module, for example, allows users to authenticate themselves against a central LDAP server, whilst pam-pgsql is used for authentication from a PostgreSQL database.
- Linux-PAM 0.99.7.1 released, message on the Red Hat PAM mailing list
- rawhide report: 20070120 changes, message on the Fedora mailing list