Mandriva Linux Security Advisory 2010-220 - The pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. The pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. The pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges.
c75c1f0958b4914a5e219e8bcf5114e2f17ff93bf7a68433b923fa33342f579d-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:220
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pam
Date : November 4, 2010
Affected: 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in pam:
The pam_xauth module did not verify the return values of the setuid()
and setgid() system calls. A local, unprivileged user could use this
flaw to execute the xauth command with root privileges and make it
read an arbitrary input file (CVE-2010-3316).
The pam_mail module used root privileges while accessing users'
files. In certain configurations, a local, unprivileged user could
use this flaw to obtain limited information about files or directories
that they do not have access to (CVE-2010-3435).
The pam_namespace module executed the external script namespace.init
with an unchanged environment inherited from an application calling
PAM. In cases where such an environment was untrusted (for example,
when pam_namespace was configured for setuid applications such as su
or sudo), a local, unprivileged user could possibly use this flaw to
escalate their privileges (CVE-2010-3853).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
69786ba211f064d06465cc7b1495c2d3 2009.0/i586/libpam0-0.99.8.1-16.2mdv2009.0.i586.rpm
ad480c4220b456a3ea1c700e4aed85e4 2009.0/i586/libpam-devel-0.99.8.1-16.2mdv2009.0.i586.rpm
53657e6972a7c54172beda78dec01747 2009.0/i586/pam-0.99.8.1-16.2mdv2009.0.i586.rpm
badae4a2575ce217567a57caba4671e0 2009.0/i586/pam-doc-0.99.8.1-16.2mdv2009.0.i586.rpm
369f8fbf430e4e20ec2a049f2d5a8339 2009.0/SRPMS/pam-0.99.8.1-16.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
35e03d6ab52fc14704180ff225ae0408 2009.0/x86_64/lib64pam0-0.99.8.1-16.2mdv2009.0.x86_64.rpm
a93abeab91371f20c1a190e6511ec499 2009.0/x86_64/lib64pam-devel-0.99.8.1-16.2mdv2009.0.x86_64.rpm
ef401ab8d6ca3fece20765f21e8a4b81 2009.0/x86_64/pam-0.99.8.1-16.2mdv2009.0.x86_64.rpm
3d3f1d915d7e2b43a66c9417fedcd945 2009.0/x86_64/pam-doc-0.99.8.1-16.2mdv2009.0.x86_64.rpm
369f8fbf430e4e20ec2a049f2d5a8339 2009.0/SRPMS/pam-0.99.8.1-16.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
c0c392fab146812a023e7633fe1ceeb7 2009.1/i586/libpam0-0.99.8.1-20.1mdv2009.1.i586.rpm
947d0b3b9b90a05ce3a9977c1436c57e 2009.1/i586/libpam-devel-0.99.8.1-20.1mdv2009.1.i586.rpm
4f99d7e29757bf81cc5cb60b5e01df48 2009.1/i586/pam-0.99.8.1-20.1mdv2009.1.i586.rpm
ca875c8c456de2772265f922187ca4b4 2009.1/i586/pam-doc-0.99.8.1-20.1mdv2009.1.i586.rpm
31264e4b3f73ed96678d159af6d2e07b 2009.1/SRPMS/pam-0.99.8.1-20.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
1b31bd9af45b6355e153086bf16215de 2009.1/x86_64/lib64pam0-0.99.8.1-20.1mdv2009.1.x86_64.rpm
49b0cd7f2ebfcf3f051f1cfa1127bbe5 2009.1/x86_64/lib64pam-devel-0.99.8.1-20.1mdv2009.1.x86_64.rpm
95090c3f50e47129f973f86a85b827f2 2009.1/x86_64/pam-0.99.8.1-20.1mdv2009.1.x86_64.rpm
845484d6506e2ea62651932558822f63 2009.1/x86_64/pam-doc-0.99.8.1-20.1mdv2009.1.x86_64.rpm
31264e4b3f73ed96678d159af6d2e07b 2009.1/SRPMS/pam-0.99.8.1-20.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
6dd5a17484b94f93ba8a8cdc8a6994de 2010.0/i586/libpam0-1.1.0-6.1mdv2010.0.i586.rpm
7649cc7d3dd4f756cec888c18a279f94 2010.0/i586/libpam-devel-1.1.0-6.1mdv2010.0.i586.rpm
fb09c1526f0e43022aa09a53bda865a4 2010.0/i586/pam-1.1.0-6.1mdv2010.0.i586.rpm
52cb306b585052044bc896d8a092d6da 2010.0/i586/pam-doc-1.1.0-6.1mdv2010.0.i586.rpm
796383329dba07f3fa05e998e166cdfd 2010.0/SRPMS/pam-1.1.0-6.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
cbc1a63c68a6e7928f165cb72b419c81 2010.0/x86_64/lib64pam0-1.1.0-6.1mdv2010.0.x86_64.rpm
f4649e861830739a84c6e034c5a02d92 2010.0/x86_64/lib64pam-devel-1.1.0-6.1mdv2010.0.x86_64.rpm
87fadece1f26a3a8fa81e13662f73835 2010.0/x86_64/pam-1.1.0-6.1mdv2010.0.x86_64.rpm
0486af7fd18e4cff4e2d1a0c454fdb7f 2010.0/x86_64/pam-doc-1.1.0-6.1mdv2010.0.x86_64.rpm
796383329dba07f3fa05e998e166cdfd 2010.0/SRPMS/pam-1.1.0-6.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
c2473140f61385cecdc8ef9ac88dc2e9 2010.1/i586/libpam0-1.1.1-2.1mdv2010.1.i586.rpm
7eec14ba49ec3297e7cfadadc67c3c9f 2010.1/i586/libpam-devel-1.1.1-2.1mdv2010.1.i586.rpm
912c5cda86fba68e867bef8db80d541c 2010.1/i586/pam-1.1.1-2.1mdv2010.1.i586.rpm
e64a7bbb0dd34cc24bcbab56135f80a5 2010.1/i586/pam-doc-1.1.1-2.1mdv2010.1.i586.rpm
c70e6904e0b740e408ee6bef1d932244 2010.1/SRPMS/pam-1.1.1-2.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
c736e5498b71924f834104c6a2a1be46 2010.1/x86_64/lib64pam0-1.1.1-2.1mdv2010.1.x86_64.rpm
6cfabb68e6305e5d5491a4cad6c5fff3 2010.1/x86_64/lib64pam-devel-1.1.1-2.1mdv2010.1.x86_64.rpm
0724a47819b4409b3a819aae12588fe0 2010.1/x86_64/pam-1.1.1-2.1mdv2010.1.x86_64.rpm
247cd2094ce66f3e28e78927ed5d187e 2010.1/x86_64/pam-doc-1.1.1-2.1mdv2010.1.x86_64.rpm
c70e6904e0b740e408ee6bef1d932244 2010.1/SRPMS/pam-1.1.1-2.1mdv2010.1.src.rpm
Mandriva Enterprise Server 5:
1d08c70aaa1fdfabf369d3e9b7a89e65 mes5/i586/libpam0-0.99.8.1-16.2mdvmes5.1.i586.rpm
fd1f3904da9590669e00c5691759f91c mes5/i586/libpam-devel-0.99.8.1-16.2mdvmes5.1.i586.rpm
f56f1a78e2e00f770edef9694b91b9e2 mes5/i586/pam-0.99.8.1-16.2mdvmes5.1.i586.rpm
e8693a4476626d18db11316bb7fd9c83 mes5/i586/pam-doc-0.99.8.1-16.2mdvmes5.1.i586.rpm
3d07636e6b1208d0fbca2c0ab7d6093c mes5/SRPMS/pam-0.99.8.1-16.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
5eefd3d906380879ad076d7da77dd29e mes5/x86_64/lib64pam0-0.99.8.1-16.2mdvmes5.1.x86_64.rpm
c6f5637f2e7c286138aa97c93aede29e mes5/x86_64/lib64pam-devel-0.99.8.1-16.2mdvmes5.1.x86_64.rpm
83f190e1bb31f79cfd4abe7abd2373aa mes5/x86_64/pam-0.99.8.1-16.2mdvmes5.1.x86_64.rpm
7223e7bda42555384e72cb5cdb51c795 mes5/x86_64/pam-doc-0.99.8.1-16.2mdvmes5.1.x86_64.rpm
3d07636e6b1208d0fbca2c0ab7d6093c mes5/SRPMS/pam-0.99.8.1-16.2mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM0ncTmqjQ0CJFipgRAqNFAJ4yPDjEu3NR/hfuktfIRjaDG/g4UACcCsem
cCMZd7MopuesEKLGj+k6B8A=
=bth2
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed