Vigil@nce: libpam, incorrect UTF-8 login handling
March 2009 by Vigil@nce
The libpam library does not correctly handle Unicode characters
located in usernames.
– Gravity: 1/4
– Consequences: user access/rights
– Provenance: user account
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 05/03/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The libpam library handles PAM authentication.
PAM configuration files can contain usernames, which are defined
by the administrator.
The _pam_StrTok() function of the pam_misc.c file is used to read
these usernames. However, this function does not correctly handle
characters with a value greater than 127, used by UTF-8. The real
username (for example: "abc") is thus different from the
configured name (for example: "abc[UTF-8]def").
An attacker can therefore bypass authentication mechanism by using
the different username.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8511
– Url: http://vigilance.fr/vulnerability/libpam-incorrect-UTF-8-login-handling-8511