Candidate: CVE-2016-6318
PublicDate: 2016-09-07 19:28:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318
 http://seclists.org/oss-sec/2016/q3/290
Description:
 Stack-based buffer overflow in the FascistGecosUser function in
 lib/fascist.c in cracklib allows local users to cause a denial of service
 (application crash) or gain privileges via a long GECOS field, involving
 longbuffer.
Ubuntu-Description:
Notes:
 tyhicks> Ubuntu's chfn limits the total GECOS field length to 84 characters which is well within cracklib2's buffer size of 2048.
 tyhicks> libpam-cracklib is not part of the default install so PAM cracklib support is not enabled in the majority of Ubuntu installs
 tyhicks> Ubuntu's /etc/login.defs only allows unprivileged users to set their room number, work phone, and home phone
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/cracklib2/+bug/1617155
Priority: negligible
Discovered-by: Raed Albuliwi
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_cracklib2:
 upstream: https://bugzilla.redhat.com/attachment.cgi?id=1188599
upstream_cracklib2: needed
precise_cracklib2: ignored (reached end-of-life)
precise/esm_cracklib2: ignored (end of ESM support, was needed)
trusty_cracklib2: ignored (reached end-of-life)
trusty/esm_cracklib2: needed
vivid/stable-phone-overlay_cracklib2: DNE
vivid/ubuntu-core_cracklib2: DNE
xenial_cracklib2: ignored (end of standard support, was needed)
esm-infra/xenial_cracklib2: needed
yakkety_cracklib2: not-affected (2.9.2-3)
zesty_cracklib2: not-affected (2.9.2-3)
artful_cracklib2: not-affected (2.9.2-3)
bionic_cracklib2: not-affected (2.9.2-3)
cosmic_cracklib2: not-affected (2.9.2-3)
disco_cracklib2: not-affected (2.9.2-3)
eoan_cracklib2: not-affected (2.9.2-3)
focal_cracklib2: not-affected (2.9.2-3)
groovy_cracklib2: not-affected (2.9.2-3)
hirsute_cracklib2: not-affected (2.9.2-3)
impish_cracklib2: not-affected (2.9.2-3)
jammy_cracklib2: not-affected (2.9.2-3)
devel_cracklib2: not-affected (2.9.2-3)