Denial of Service possible with Pacemaker WebUI long password

Solution In Progress - Updated

Issue

  • It is possible to hang the pacemaker service through the Pacemaker WebUI, and the problem persists even after the servers are restarted. To reproduce it, enter a valid username and a really long password in the password field of the WebUI.

  • From the original report of CVE-2015-3238:

"If SELinux is enabled, the _unix_run_helper_binary function in Linux-PAM 1.1.8
and earlier hangs indefinitely when verifying a password of 65536 characters,
which allows attackers to conduct username enumeration and denial of service
attacks.

When supplying a password of 65536 characters or more, the process will block
on the write(2) call at modules/pam_unix/support.c:614 because it tries to
write strlen(passwd)+1 bytes to a blocking pipe and a pipe has a limited
capacity of 65536 bytes on Linux."
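The hang condition described in the report, next to the length check that stops overlong input from reaching the blocking write(2), as an added C example (not code from this article or from Linux-PAM; the 200-character cap and the demo_send helper are assumptions):

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_PASS_LEN  200    /* assumed cap; any value far below the pipe size works */
#define PIPE_CAPACITY 65536  /* default Linux pipe capacity quoted in the report */

/* Hang condition from the report: strlen(passwd)+1 bytes must fit in the pipe,
 * otherwise a blocking write(2) stalls until the helper drains it. */
int exceeds_pipe(size_t pipe_cap, size_t passwd_len)
{
    return passwd_len + 1 > pipe_cap;
}

/* Hardened send: reject overlong input before any write, so the caller's
 * chosen length can never fill the pipe. Returns 0 on success, -1 otherwise. */
int send_password(int fd, const char *passwd)
{
    size_t left = strlen(passwd) + 1;       /* NUL included, as in the helper protocol */
    if (left - 1 > MAX_PASS_LEN)
        return -1;                          /* rejected without touching the pipe */
    while (left > 0) {
        ssize_t n = write(fd, passwd, left);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        passwd += n;
        left -= (size_t)n;
    }
    return 0;
}

/* Constructs a password of passwd_len 'A's, sends it through a fresh pipe and
 * returns the bytes read back, or -1 when the length check rejected it. */
int demo_send(size_t passwd_len)
{
    int fds[2], rc = -1;
    char buf[MAX_PASS_LEN + 1];
    char *pw = malloc(passwd_len + 1);
    if (!pw || pipe(fds) != 0) { free(pw); return -2; }
    memset(pw, 'A', passwd_len);
    pw[passwd_len] = '\0';
    if (send_password(fds[1], pw) == 0)     /* the 65536-byte case returns at once */
        rc = (int)read(fds[0], buf, sizeof buf);
    free(pw); close(fds[0]); close(fds[1]);
    return rc;
}
```

Without the check, demo_send(PIPE_CAPACITY) would block forever on write(2), exactly the stall the report describes.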

Environment

  • Red Hat Enterprise Linux 6
      • pam-1.1.1-20.el6_7.1
  • Red Hat Enterprise Linux 7
      • pam < 1.1.8-12.el7_1.1
