wiki:Errata/2014-06-02

Errata: Policy loading

Date
2014-06-02
Affects
Nummularia and Micrampelis
References
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3879
Description
When loading a module or processing an include directive, an ENOENT (file not found) error would incorrectly be propagated up the call stack and be interpreted as a missing policy, which is a soft error, rather than an invalid policy, which is a hard error. Depending on the circumstances, this could result in a fail-open scenario.
Workaround
Verify the spelling of all policies. When updating third-party modules (which will result in a brief window during which the module is missing), shut down affected services.
Fix
Apply r795.
Last modified 3 years ago Last modified on Oct 22, 2014, 11:18:00 AM