[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Minor security flaw with pam_xauth
From: Solar Designer <solar () openwall ! com>
Date: 2010-10-25 3:50:06
Message-ID: 20101025035006.GA29268 () openwall ! com
[Download RAW message or body]
Dmitry has produced a patch against Linux-PAM 1.1.2 with the fixes
mentioned in the quoted message below.
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/pam/
This is Linux-PAM-1.1.2-up-20101011.diff (same as the changes made
upstream) and Linux-PAM-1.1.2-owl-Makefile.diff.
We already have this in Owl, documented as follows:
2010/10/18 Package: pam
SECURITY FIX Severity: none to medium, local, active
Updated to 1.1.2+ snapshot 20101011. This code revision introduces the
proper privilege switching into pam_env, pam_mail, and pam_xauth. None
of these modules are in use on default installs of Owl, and they never
were, hence there was no impact for default installs.
References:
http://www.openwall.com/lists/oss-security/2010/08/16/2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316
http://www.openwall.com/lists/oss-security/2010/09/21/3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3431
I am posting this in case others want to have the issues fixed before
the 1.1.3 release comes out.
Alexander
On Mon, Oct 04, 2010 at 02:00:03AM +0400, Dmitry V. Levin wrote:
> The patch that fixes CVE-2010-3430 and CVE-2010-3431 was just made public:
> http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=pam_modutil_priv
>
> Besides that, another two issues have been fixed in pam_xauth after
> Linux-PAM 1.1.2 release:
>
> In pam_sm_close_session(), the attempt to unlink cookie file was made
> without dropping privileges at all if target uid could not be determined:
> http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=Linux-PAM-1_1_2-3-g05dafc0
>
> In check_acl(), there were no check that the acl file provided by target
> user is a regular file:
> http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=Linux-PAM-1_1_2-2-gffe7058
>
>
> --
> ldv
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic