oss-sec mailing list archives
Re: Minor security flaw with pam_xauth
From: Josh Bressers <bressers () redhat com>
Date: Mon, 27 Sep 2010 16:18:55 -0400 (EDT)
----- "Solar Designer" <solar () openwall com> wrote: Thank you for doing this, it's most apprecited.
pam_xauth missing return value checks from setuid() and similar calls, fixed in Linux-PAM 1.1.2 - CVE-2010-3316 pam_env and pam_mail accessing the target user's files as root (and thus susceptible to attacks by the user) in Linux-PAM below 1.1.2, partially fixed in 1.1.2 - no CVE ID mentioned yet
Use CVE-2010-3435 for this one.
pam_env and pam_mail in Linux-PAM 1.1.2 not switching fsgid (or egid) and groups when accessing the target user's files (and thus potentially susceptible to attacks by the user) - CVE-2010-3430 pam_env and pam_mail in Linux-PAM 1.1.2 not checking whether the setfsuid() calls succeed (no known impact with current Linux kernels, but poor practice in general) - CVE-2010-3431 Now, in case someone fixes CVE-2010-3430 but fails to add return value checks for the added calls, we'll need yet another CVE ID for the partial fix... but I hope this won't happen.
Let's hope not. I guess if they do, they can request a new ID. Thanks. -- JB
Current thread:
- Re: Minor security flaw with pam_xauth, (continued)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Steven M. Christey (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 24)
- Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)
- Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 27)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 27)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 27)