=========================================================== Ubuntu Security Notice USN-959-1 July 07, 2010 pam vulnerability CVE-2010-0832 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: libpam-modules 1.1.0-2ubuntu1.1 Ubuntu 10.04 LTS: libpam-modules 1.1.1-2ubuntu5 In general, a standard system update will make all the necessary changes. Details follow: Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privilieges. Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.diff.gz Size/MD5: 260774 2ec56b644febfb1fd3c3a5f2a2361130 http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.dsc Size/MD5: 1648 dac6d17eabee6953c017c62185414d16 http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0.orig.tar.gz Size/MD5: 1739305 004ea633a4bd4d059e68f75b9fab4d35 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.0-2ubuntu1.1_all.deb Size/MD5: 315856 28aedc3f904e50b54c9a2d7d5f691484 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.0-2ubuntu1.1_all.deb Size/MD5: 114826 b9d20a67aafade65b6af0cac023bdac7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_amd64.deb Size/MD5: 84582 2722dd440bceb99682dc3429d6c66ab9 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_amd64.deb Size/MD5: 381616 bc4b2d752054b26571b1551ee8fc3c24 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_amd64.deb Size/MD5: 191018 7be9e071f3636b80ca52373a635e017b http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_amd64.deb Size/MD5: 127220 a8e5f4206fa6f65d77e55fdbea03e5df i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_i386.deb Size/MD5: 84230 fab89a299667ee0f37191662d1ec91b7 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_i386.deb Size/MD5: 359888 243b7cd25c68b7bf7f497279af2260f0 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_i386.deb Size/MD5: 188554 c5d5ae6cc4f1a773cc957e87b72cf417 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_i386.deb Size/MD5: 124250 d896c2a0b882135b34bae661a25c829f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_lpia.deb Size/MD5: 84148 229e72e88d8c525ebac2d4d2086d8f8f http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_lpia.deb Size/MD5: 358290 bf7479c4b8e9dded50c713f8c179cda9 http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_lpia.deb Size/MD5: 187374 77a5308ea618047fba8e371e33db7852 http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_lpia.deb Size/MD5: 123886 3edf4fe8d51c3def26eae4d5b54a3c47 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_powerpc.deb Size/MD5: 84792 8012d58474360ba290b418796f53b3dd http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_powerpc.deb Size/MD5: 380980 e7b4f667271876091017a8e5c8fb6570 http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_powerpc.deb Size/MD5: 188930 ea33722bea5e4304e968093b70396df9 http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_powerpc.deb Size/MD5: 127514 eb35897557798d4dc9a3394989441400 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_sparc.deb Size/MD5: 84546 4579c413e373c930c15b1feea43f27c0 http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_sparc.deb Size/MD5: 366918 ef7abe3044905be705692b7a09243dcd http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_sparc.deb Size/MD5: 187018 e324318f10dd0c96fdc97cca1cbdeb07 http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_sparc.deb Size/MD5: 122882 b15ad14b406b6621e164a0bb237fa3ef Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.diff.gz Size/MD5: 238745 f085e37315451c2778ceeacad60966bf http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.dsc Size/MD5: 1636 1dfddb112a8f417c2b0fa62fa0d52744 http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz Size/MD5: 1799415 b4838d787dd9b046a4d6992e18b6ffac Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.1-2ubuntu5_all.deb Size/MD5: 314838 1cd62135ea43c9dedbb16f3c1da2c49d http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.1-2ubuntu5_all.deb Size/MD5: 114802 e7abc7b52d847295555242288273f767 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_amd64.deb Size/MD5: 87274 c29e21faec36bcaebe35a48e080d79f5 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_amd64.deb Size/MD5: 379988 198a067f524a4bb16ca9439f86391d71 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_amd64.deb Size/MD5: 188710 ba81edf6c2392b055f4733f726bbaa7f http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_amd64.deb Size/MD5: 126120 41fd43e5ee4d80e61fcb6559e3199a00 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_i386.deb Size/MD5: 86994 49edae786255f9b096fe4145a7d23ff7 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_i386.deb Size/MD5: 358148 5e2b29f58356c82f5090554f5df912ae http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_i386.deb Size/MD5: 183276 64fa5b3e4ca8f5d30c92cd6425eb3cb0 http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_i386.deb Size/MD5: 122720 70647b5716631abde54544e61efb9aea powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_powerpc.deb Size/MD5: 87594 87844d3898231769e9db4aee0d454d71 http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_powerpc.deb Size/MD5: 379036 b5370dea49eba34b4fc564be97b305c4 http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_powerpc.deb Size/MD5: 188712 00d91db20163f7a768aaeff1cbcbe539 http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_powerpc.deb Size/MD5: 126382 f0ec306eaa945316851d59d8b579c28f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_sparc.deb Size/MD5: 87312 bf47bb8c5a9ce02f8d606b7021def8f7 http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_sparc.deb Size/MD5: 372130 d78496ad4c242c89d8c7d0b62cd540c5 http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_sparc.deb Size/MD5: 184682 dc7bd434195b4707e75ef9716d751f0f http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_sparc.deb Size/MD5: 122362 e2b1204eca46b0b6eab017c46a718c9a