Vulnerability CVE-2016-6318: Information
Description
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field that overruns the fixed-size stack buffer longbuffer. FascistGecosUser joins words taken from the account's GECOS field into longbuffer to reject passwords derived from the user's own name; the join is done without checking that the combined words fit. The input is under local control wherever the GECOS field is user-editable (for example through chfn) and a password-changing tool runs the check through pam_cracklib or the FascistCheck API.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
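The pattern behind the overflow, as an added example that is not cracklib's own code: a hypothetical reconstruction of the word-pairing step of FascistGecosUser, once in the unchecked strcpy/strcat form and once with the length check applied before the fixed-size stack buffer is written. STRINGSIZE follows cracklib's 1024-byte packer.h constant but is treated as an assumption here; gecos_check_unsafe, gecos_check_safe, gecos_oversize_pairs, MAXWORDS and the constructed GECOS input are hypothetical names and data, and the real function builds further candidates that this example omits.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* cracklib's STRINGSIZE is 1024 in packer.h; treated as an assumption here. */
#define STRINGSIZE 1024
#define MAXWORDS   32   /* hypothetical cap for this example */

/* Case-insensitive exact compare; stand-in for cracklib's candidate test. */
static int candidate_matches(const char *cand, const char *password)
{
    for (; *cand && *password; cand++, password++)
        if (tolower((unsigned char)*cand) != tolower((unsigned char)*password))
            return 0;
    return *cand == '\0' && *password == '\0';
}

/* Tokenise a writable copy of the GECOS field; returns the word count. */
static int split_words(char *buf, char *words[], int maxwords)
{
    int n = 0;
    for (char *p = strtok(buf, " ,\t"); p && n < maxwords; p = strtok(NULL, " ,\t"))
        words[n++] = p;
    return n;
}

static char *dup_string(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    if (copy)
        memcpy(copy, s, len);
    return copy;
}

/* VULNERABLE pattern: every ordered pair of GECOS words is joined into a
 * fixed-size stack buffer with strcpy/strcat and no length check. Two words
 * whose lengths sum to STRINGSIZE or more overwrite the stack frame.
 * Present only to show the defect; never call it on untrusted input. */
int gecos_check_unsafe(const char *gecos, const char *password)
{
    char longbuffer[STRINGSIZE];
    char *words[MAXWORDS];
    char *copy = dup_string(gecos);
    int hit = 0;
    if (!copy)
        return 0;
    int n = split_words(copy, words, MAXWORDS);
    for (int i = 0; i < n && !hit; i++)
        for (int k = 0; k < n && !hit; k++) {
            if (i == k)
                continue;
            strcpy(longbuffer, words[i]);   /* unbounded copy   */
            strcat(longbuffer, words[k]);   /* unbounded append */
            hit = candidate_matches(longbuffer, password);
        }
    free(copy);
    return hit;
}

/* FIXED pattern: size the candidate before touching longbuffer; skip (and
 * count) any pair that would not fit, so a caller can tell the check was
 * degraded for this input rather than silently bypassed. */
int gecos_check_safe(const char *gecos, const char *password, int *skipped)
{
    char longbuffer[STRINGSIZE];
    char *words[MAXWORDS];
    char *copy = dup_string(gecos);
    int hit = 0;
    if (!copy)
        return 0;
    int n = split_words(copy, words, MAXWORDS);
    for (int i = 0; i < n && !hit; i++)
        for (int k = 0; k < n && !hit; k++) {
            if (i == k)
                continue;
            size_t li = strlen(words[i]), lk = strlen(words[k]);
            if (li + lk >= STRINGSIZE) {    /* no room left for the NUL */
                if (skipped)
                    (*skipped)++;
                continue;
            }
            memcpy(longbuffer, words[i], li);
            memcpy(longbuffer + li, words[k], lk + 1);
            hit = candidate_matches(longbuffer, password);
        }
    free(copy);
    return hit;
}

/* Number of word pairs of this GECOS field the safe check had to skip. */
int gecos_oversize_pairs(const char *gecos)
{
    int skipped = 0;
    (void)gecos_check_safe(gecos, "", &skipped);
    return skipped;
}

/* Constructed input: two 700-byte words (1401 bytes with the separator),
 * so any joined pair is 1400 bytes and exceeds STRINGSIZE. */
const char *constructed_long_gecos(void)
{
    static char big[1402];
    memset(big, 'a', 700);
    big[700] = ' ';
    memset(big + 701, 'b', 700);
    big[1401] = '\0';
    return big;
}

int main(void)
{
    int skipped = 0;
    printf("Jane Doe / janedoe -> %d\n", gecos_check_safe("Jane Doe", "janedoe", &skipped));
    printf("long GECOS / x     -> %d (pairs skipped: %d)\n",
           gecos_check_safe(constructed_long_gecos(), "x", &skipped), skipped);
    return 0;
}
```

Build with `cc -fstack-protector-strong -o gecos gecos.c` and run it; only gecos_check_safe is exercised on the long input. Calling gecos_check_unsafe with constructed_long_gecos() reproduces the crash class the advisory describes (on a stack-protector build it aborts with a smashed-stack message), which is the behaviour the 2.9.6 fix removes.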
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
cracklib | sisyphus | 2.9.6-alt1 | 2.9.11-alt1 | ALT-PU-2015-1926-1 | 152180 | Fixed |
cracklib | p10 | 2.9.6-alt1 | 2.9.7-alt4 | ALT-PU-2015-1926-1 | 152180 | Fixed |
cracklib | p9 | 2.9.6-alt1 | 2.9.7-alt1 | ALT-PU-2015-1926-1 | 152180 | Fixed |
cracklib | c10f1 | 2.9.6-alt1 | 2.9.7-alt4 | ALT-PU-2015-1926-1 | 152180 | Fixed |
cracklib | c9f2 | 2.9.6-alt1 | 2.9.7-alt1 | ALT-PU-2015-1926-1 | 152180 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
[oss-security] 20160816 cracklib: Stack-based buffer overflow when parsing large GECOS field | |
openSUSE-SU-2016:2204 | |
92478 | |
GLSA-201612-25 | |
[debian-lts-announce] 20200524 [SECURITY] [DLA 2220-1] cracklib2 security update | |
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | |
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | |