FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- pam_ssh() does not validate service names

Affected packages
7.3 <= FreeBSD < 7.3_9
7.4 <= FreeBSD < 7.4_5
8.1 <= FreeBSD < 8.1_7
8.2 <= FreeBSD < 8.2_5

Details

VuXML ID e51d5b1a-4638-11e1-9f47-00e0815b8da8
Discovery 2011-12-23
Entry 2012-01-29

Problem Description:

Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules.
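As an added illustration (not code from OpenPAM, kcheckpass or the advisory), the kind of check that closes this hole: treat the caller-supplied policy name as a bare file name and refuse anything that could resolve outside the trusted policy directory. The function names and the 64-byte length cap are assumptions, not OpenPAM's own interface.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAM_SERVICE_MAX 64  /* assumed cap; not an OpenPAM constant */

/* Accept only a plain file name: bounded length, no leading dot (so "." ,
 * ".." and hidden files are out), and only [A-Za-z0-9._-], which excludes
 * '/' and any other character that could steer the lookup elsewhere. */
bool pam_service_name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0')
        return false;
    size_t len = strnlen(name, PAM_SERVICE_MAX + 1);
    if (len > PAM_SERVICE_MAX)
        return false;
    if (name[0] == '.')
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '-' || c == '_' || c == '.'))
            return false;
    }
    return true;
}

/* Join the trusted directory and the validated name; -1 on rejection. */
int pam_policy_path(const char *dir, const char *name, char *out, size_t outlen)
{
    if (!pam_service_name_is_safe(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    const char *samples[] = { "sshd", "../../tmp/evil", "/tmp/evil", ".." };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = pam_policy_path("/etc/pam.d", samples[i], path, sizeof path);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```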

References

CVE Name CVE-2011-4122
FreeBSD Advisory SA-11:10.pam