| |||||||||||||||||||
Pardus alert 2011-41 (pam)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-41 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-02-14 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been fixed in Linux-PAM. Description =========== CVE-2010-3316: The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. CVE-2010-3430: The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVE-2010-3431: The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVE-2010-3435: The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. CVE-2010-3853: It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. CVE-2010-4706: The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check. Affected packages: Pardus 2009: pam, all before 1.1.3-25-8 Resolution ========== There are update(s) for pam. You can update them via Package Manager or with a single command from console: pisi up pam References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=15177 * http://bugs.pardus.org.tr/show_bug.cgi?id=16701 * http://bugs.pardus.org.tr/show_bug.cgi?id=16703 * http://bugs.pardus.org.tr/show_bug.cgi?id=16711 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||