FreeBSD-EN-22:19.pam : NULL pointer dereference in pam_exec(8)
Versions Affected : All versions prior to TrueNAS 13.0-U2
Description
When pam_exec(8) is used for authentication with the expose_authtok option and an application calls pam_setcred(3), the module attempts to expose the previously stored authentication token to the external program. The code incorrectly assumes that such a token is always stored; when none is (as is typical in the pam_setcred(3) path, where nothing has prompted for a password), it dereferences a NULL pointer.
As a result, pam_exec(8) cannot be reliably used for authentication with the expose_authtok option, which is required for the external program to check credentials. In most scenarios, authentication fails because the NULL pointer dereference crashes the calling process.
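The following is an added, self-contained C illustration of the failure pattern described above; it is not FreeBSD's pam_exec(8) source or TrueNAS code, and it does not link against libpam. The handle structure, the PAMX_* return codes and the function names are assumptions made for this example. It places the faulty pattern (an unconditional strlen() on a token that may never have been stored) beside the hardened form that checks for a missing token and fails the call cleanly, which is what a pam_setcred(3) caller would hit after this errata is applied.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative stand-in for a PAM handle (assumption, not libpam's struct).
 * libpam stores the authentication token as the PAM_AUTHTOK item only after a
 * module in the auth stack has prompted for it; in the pam_setcred(3) path
 * nothing has prompted, so the item is frequently absent (NULL). */
struct pam_handle_model {
    const char *authtok;   /* NULL when no token has been stored */
};

/* Illustrative return codes, not libpam's numeric values. */
enum { PAMX_SUCCESS = 0, PAMX_SYSTEM_ERR = 1 };

/* Vulnerable pattern: copy the stored token into the buffer that would be
 * written to the external program's stdin, assuming a token is always
 * present. strlen(NULL) is the NULL pointer dereference the advisory
 * describes. Kept for comparison only; never called with a NULL token here,
 * since it would abort the process. */
static int expose_authtok_unchecked(const struct pam_handle_model *pamh,
                                    char *out, size_t outlen)
{
    size_t n = strlen(pamh->authtok);   /* crashes when authtok == NULL */
    if (n + 1 > outlen)
        return PAMX_SYSTEM_ERR;
    memcpy(out, pamh->authtok, n + 1);
    return PAMX_SUCCESS;
}

/* Hardened pattern: refuse to expose a token that was never stored. */
static int expose_authtok_checked(const struct pam_handle_model *pamh,
                                  char *out, size_t outlen)
{
    if (pamh->authtok == NULL)
        return PAMX_SYSTEM_ERR;   /* nothing to expose: fail instead of crashing */
    size_t n = strlen(pamh->authtok);
    if (n + 1 > outlen)
        return PAMX_SYSTEM_ERR;
    memcpy(out, pamh->authtok, n + 1);
    return PAMX_SUCCESS;
}

/* Models pam_setcred(3) on a handle where no auth module stored a token:
 * returns the hardened function's error code rather than crashing. */
int setcred_without_token(void)
{
    struct pam_handle_model pamh = { NULL };
    char stdin_buf[64];
    return expose_authtok_checked(&pamh, stdin_buf, sizeof stdin_buf);
}

/* Models the authentication path: a token was prompted for and stored, so
 * the hardened function forwards it. Returns 1 when the forwarded copy
 * matches the stored token, 0 otherwise. */
int auth_forwards_token(const char *tok)
{
    struct pam_handle_model pamh = { tok };
    char stdin_buf[64];
    if (expose_authtok_checked(&pamh, stdin_buf, sizeof stdin_buf) != PAMX_SUCCESS)
        return 0;
    return strcmp(stdin_buf, tok) == 0;
}

int main(void)
{
    /* "correct horse" is a constructed sample token, not real credential data. */
    printf("setcred without stored token -> rc %d (no crash)\n",
           setcred_without_token());
    printf("auth with stored token forwarded intact: %d\n",
           auth_forwards_token("correct horse"));
    (void)expose_authtok_unchecked;   /* referenced only to document the bad pattern */
    return 0;
}
```

The practical check on an affected system is the same as the model's first call: an application that authenticates through pam_exec(8) with expose_authtok and then calls pam_setcred(3) will crash where the hardened path instead returns an error, so a crashing login after a successful password check is the signature to look for before upgrading.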
Workaround
No workaround is available; however, systems that do not use pam_exec(8) for authentication are not affected.
Mitigation
- Upgrade to TrueNAS 13.0-U2 or later.