
Versions Affected: All versions prior to TrueNAS 13.0-U2


Description

When pam_exec(8) is used for authentication with the expose_authtok option and an application calls pam_setcred(3), it attempts to expose an already stored authentication token. It is incorrectly assumed that there always is such a token stored, which leads to dereferencing a NULL pointer if this isn’t the case.

It is impossible to reliably use pam_exec(8) for authentication with the expose_authtok option, which is necessary for the external program to check credentials. In most scenarios, authentication will fail because of a crash caused by the NULL pointer dereference.


Workaround

No workaround is available; however, systems not using pam_exec(8) for authentication are not affected.
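
To check whether a system uses the affected configuration, the following added example (not part of the advisory or of TrueNAS tooling) lists auth rules that load pam_exec with expose_authtok. It assumes the per-service file layout of /etc/pam.d; the helper name find_exposed_pam_exec and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report PAM auth rules that run pam_exec with expose_authtok.

# find_exposed_pam_exec DIR  (hypothetical helper name)
# DIR holds per-service files in the /etc/pam.d layout:
#   facility  control-flag  module  [arguments]
# Prints "file:line: rule" for every matching rule.
find_exposed_pam_exec() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '{
            sub(/#.*/, "")                  # strip comments
            if ($1 != "auth") next          # only authentication rules matter here
            is_exec = 0; exposes = 0
            for (i = 3; i <= NF; i++) {
                if ($i ~ /(^|\/)pam_exec(\.so)?$/) is_exec = 1
                else if (is_exec && $i == "expose_authtok") exposes = 1
            }
            if (exposes) printf "%s:%d: %s\n", file, NR, $0
        }' "$f"
    done
}

# Constructed sample configuration (not taken from a real system).
sample=$(mktemp -d "${TMPDIR:-/tmp}/pamscan.XXXXXX")
trap 'rm -rf "$sample"' EXIT
cat > "$sample/sshd" <<'EOF'
# constructed sample: external credential check
auth     required  pam_exec.so  expose_authtok /usr/local/bin/check_cred
account  required  pam_unix.so
EOF
cat > "$sample/system" <<'EOF'
auth     optional  pam_exec.so  /usr/local/bin/log_attempt   # no token exposed
auth     required  pam_unix.so  no_warn try_first_pass
session  optional  pam_exec.so  expose_authtok /usr/local/bin/on_login
EOF

find_exposed_pam_exec "$sample"
```

Only the rule in the sample sshd file is reported; pam_exec rules without expose_authtok, or outside the auth facility, are not listed.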


Mitigation

  • Upgrade to TrueNAS 13.0-U2 or later.

Commit


Further information