Ubuntu Security Notice 959-2 - USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10. Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges.
13fe9e17bf363b24f61bcc60c7749fd69ace6d3fc16fccaf18770b869c4188db
===========================================================
Ubuntu Security Notice USN-959-2 October 25, 2010
pam vulnerability
CVE-2010-0832
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.10:
libpam-modules 1.1.1-4ubuntu2
In general, a standard system update will make all the necessary changes.
Details follow:
USN-959-1 fixed vulnerabilities in PAM. This update provides the
corresponding updates for Ubuntu 10.10.
Original advisory details:
Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
not correctly handle path permissions when creating user file stamps.
A local attacker could exploit this to gain root privilieges.
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.diff.gz
Size/MD5: 256311 70ceb0ea3e0aea771cb0ee4d20159302
http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.dsc
Size/MD5: 1636 8b0a9a5576629cdc16a07fb6221555d1
http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz
Size/MD5: 1799415 b4838d787dd9b046a4d6992e18b6ffac
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.1-4ubuntu2_all.deb
Size/MD5: 284250 ee51d0d5117e8005bd96d365160ab8fc
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.1-4ubuntu2_all.deb
Size/MD5: 85274 65b297ca5b321eef1b76c05b7e15da01
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_amd64.deb
Size/MD5: 56638 2058636a296f011ee82fb1085bcf98a0
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_amd64.deb
Size/MD5: 347314 d5f3e4cf08b35bf1c4772d0e17df9787
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_amd64.deb
Size/MD5: 158630 5b55c802a6e55ad7de7dca34853cadf5
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_amd64.deb
Size/MD5: 94660 a3f147932dc1c9dc7c0fff522bc7f7cd
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_i386.deb
Size/MD5: 56300 6ebc733abee6253e70f7862b8c8deead
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_i386.deb
Size/MD5: 323066 799c517fe7928f1afbf2b440c87e23c3
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_i386.deb
Size/MD5: 152140 5fef5190dfed92ca9c30e11723d7dd09
http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_i386.deb
Size/MD5: 91718 498d37554ea0e6327aa91c6a7fb7e2ca
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_powerpc.deb
Size/MD5: 56864 c4a0ce26fa71db14be87e8bd72a0b993
http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_powerpc.deb
Size/MD5: 343926 d00027f03fa3506e2c7433da8bf60e3a
http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_powerpc.deb
Size/MD5: 157816 654f538026e76baea9b670d323eb9680
http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_powerpc.deb
Size/MD5: 95076 7056a91e001172a2e143b138c7bf60d2