FreeBSD : FreeBSD -- Incorrect error handling in PAM policy parser (6e8f9003-6007-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The OpenPAM library searches for policy definitions in several
locations. While doing so, the absence of a policy file is a soft
failure (handled by searching in the next location) while the presence
of an invalid file is a hard failure (handled by returning an error to
the caller).

The policy parser returns the same error code (ENOENT) when a
syntactically valid policy references a non-existent module as when
the requested policy file does not exist. The search loop regards this
as a soft failure and looks for the next similarly-named policy,
without discarding the partially-loaded configuration.

A similar issue can arise if a policy contains an include directive
that refers to a non-existent policy.

Impact :

If a module is removed, or the name of a module is misspelled in the
policy file, the PAM library will proceed with a partially loaded
configuration. Depending on the exact circumstances, this may result
in a fail-open scenario where users are allowed to log in without a
password, or with an incorrect password.

In particular, if a policy references a module installed by a package
or port, and that package or port is being reinstalled or upgraded,
there is a brief window of time during which the module is absent and
policies that use it may fail open. This can be especially damaging to
Internet-facing SSH servers, which are regularly subjected to
brute-force scans.
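The soft-versus-hard failure conflation described above, as an added model written for this page (it is not OpenPAM's code): a two-location search loop that treats ENOENT as "try the next location". In the buggy variant the parser also returns ENOENT for a module that is not installed, so the loop moves on and the partially loaded policy survives; the hardened variant returns a distinct code (EINVAL here, an illustrative choice) and discards the partial policy. The file contents, module names and search locations are constructed for the model.

```c
#include <errno.h>
#include <string.h>

#define MAX_MODULES 4
/* Modules accepted so far while loading one service's policy. */
struct policy { int count; const char *modules[MAX_MODULES]; };

/* Constructed stand-in for the search locations of the "sshd" policy: the
 * contents of each candidate file, NULL meaning the file is absent. Module
 * names are constructed; "pam_portmod" stands for a module from a port. */
static const char *CANDIDATES[] = {
    "pam_nologin pam_portmod",   /* first location (assumed /etc/pam.d/sshd) */
    NULL,                        /* second location: file absent */
};
/* pam_portmod is missing: its port is being reinstalled. */
static const char *INSTALLED[] = { "pam_nologin", "pam_unix" };

static const char *installed_name(const char *tok, size_t n)
{
    for (size_t i = 0; i < sizeof INSTALLED / sizeof *INSTALLED; i++)
        if (strncmp(INSTALLED[i], tok, n) == 0 && INSTALLED[i][n] == '\0')
            return INSTALLED[i];
    return NULL;
}

/* Parse one candidate into *p: 0 on success, ENOENT if the file is absent, and
 * for a missing module ENOENT (buggy: same code) or EINVAL (hardened). */
static int parse_policy(const char *s, struct policy *p, int hardened)
{
    if (s == NULL) return ENOENT;
    while (*s) {
        const char *e = s;
        while (*e && *e != ' ') e++;
        const char *name = installed_name(s, (size_t)(e - s));
        if (name == NULL) return hardened ? EINVAL : ENOENT;
        if (p->count < MAX_MODULES) p->modules[p->count++] = name;
        s = *e ? e + 1 : e;
    }
    return 0;
}

/* Search loop. Buggy: every ENOENT is soft, so the loop moves on keeping what
 * was appended; with all locations exhausted the partial policy (pam_nologin
 * alone, nothing checks a credential) is used. Hardened: EINVAL is a hard
 * failure and the partial policy is dropped. */
static int load_policy(struct policy *p, int hardened)
{
    p->count = 0;
    for (size_t i = 0; i < sizeof CANDIDATES / sizeof *CANDIDATES; i++) {
        int err = parse_policy(CANDIDATES[i], p, hardened);
        if (err == 0) return 0;
        if (err != ENOENT) { p->count = 0; return err; }
    }
    return p->count > 0 ? 0 : ENOENT;
}
```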

See also :

http://www.nessus.org/u?f06139ab

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92903

Bugtraq ID: 67808

CVE ID: CVE-2014-3879
