oss-sec mailing list archives
Re: Minor security flaw with pam_xauth
From: Josh Bressers <bressers () redhat com>
Date: Tue, 21 Sep 2010 14:57:23 -0400 (EDT)
----- "Solar Designer" <solar () openwall com> wrote:
On Mon, Aug 16, 2010 at 12:05:13PM +0100, Tim Brown wrote:Here's another bug where privileged code isn't checking the returnvalue fromsetuid():http://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663 This is fixed in Linux-PAM 1.1.2: http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
Let's use CVE-2010-3316 for the above flaw.
The same commit also introduces previously-missing privilege switching into pam_env and pam_mail. Unfortunately, this pam_env and pam_mail fix is incomplete: it only switches the fsuid (should also switch fsgid (or egid) and groups), and it fails to check the return value from setfsuid() (doing so would require duplicate calls to setfsuid(), like we do in libtcb, or switching of euid instead - yet it is desirable).
This one is a bit on the tricky side. I'm going to call it "improper setfsuid use" so we can use just one CVE instead of two (as the flaws are related): Use CVE-2010-3430 Steve, feel free to overrule me if MITRE doesn't like this. Thanks. -- JB
Current thread:
- Minor security flaw with pam_xauth Tim Brown (Aug 16)
- Re: Minor security flaw with pam_xauth Steven M. Christey (Aug 16)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Steven M. Christey (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 24)
- Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)
- Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 27)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 27)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 27)