Cannot connect FTP after apply T6C3024

Document ID : KB000005004
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Customer applied testfix, T6C3024.

After that,  ftp command which try to connect Linux server does not work . 

After he stop Privileged Identity Manager(a.k.a CA PIM), ftp command worked normally. 

So, he believe it is regression on T6C3024. 

For example, error message  on Redhat Enterprise Linux 7.2(x64)

-----

$ ftp localhost

Trying ::1... 

Connected to localhost (::1). 

Connected to localhost (127.0.0.1).

220 (vsFTPd 3.0.2)

Name (localhost:root): tusr00

331 Please specify the password.

Password:

500 OOPS: not a normal exit in vsf_sysutil_wait_get_exitcode

Login failed.

421 Service not available, remote server has closed connection

-----

And then it may crash vsftpd process.

Environment:
OS: RHEL 7.X(x64) Prod: CA Privileged Identity Manager r12.8 SP1 (T6C3024) for Endpoint.
Cause:

During login to vsftpd service, the vsftpd handler process segfaults. This is due to pam_seos.so setting an environment variable with putenv(). In new versions of Linux, it seems that the pam_seos.so library unloads which causes a pointer to our environment variable to remain in the environment, but since we are gone, the address is invalid. Subsequent calls to getenv() can crash if they encounter our pointer. 

 

Resolution:

Please apply testfix, T6C3026.

 

or 

comment out pam_seos entry at account section in /etc/pam.d/password-auth.

Such like a following:

 

Before:

account    optional     pam_seos.so

account required pam_unix.so

 

After:

# account    optional     pam_seos.so

account required pam_unix.so