oss-sec mailing list archives
Re: pam_timestamp internals
From: cve-assign () mitre org
Date: Wed, 26 Mar 2014 16:05:50 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I came across some implications of pam_timestamp ... it aims to mimic sudo timestamp tickets
there seems to be a path traversal issue
Use CVE-2014-2583. As usual, there are not separate CVE IDs for the different impacts.
One should probably take care to not accidently include pam_timestamp in a config file for a remote service, as chance is high that the RUSER/TTY is used incorrectly, even when the user string is checked via getpwnam(). It should probably be documented in pam_timestamp's manpage.
There is no CVE ID for the issue in which the documentation might not be sufficient to prevent all problematic uses of pam_timestamp in conjunction with remote services. The documentation at http://www.linux-pam.org/Linux-PAM-html/sag-pam_timestamp.html and elsewhere specifically mentions "This is similar mechanism which is used in sudo" and "FILES /var/run/sudo/..." in fairly prominent ways. The documentation is not directly misleading, i.e., there doesn't seem to be any implication that a remote service is a recommended use case. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTMy96AAoJEKllVAevmvms7JkH/0GC/rQ0JAYaYMEX88iZM4Fk eUU33cqGX2UZkHwZ0HCMoyi521ptE31rllfBNqcuhdOc/X06pY/zq16Cbfc9yPGr PYGzMou5KjoKscEov4ma3J/FVgrDMGHKp6uU/RGsEllr3qrEOx92sOKP4dw5nteC 6b8B7b8KQXBRGWdAg0ydFU1KSFdQxpNU7ii9FUMYHswohubgGyYbkbWMltyICHWd CRYNiZtIyou2hX80otdXi2p/ezVZuovtfgQbwjtYhehUDn46MV09lhWRVJZmDH+L IaEwd2wjGNyV07NcBIt+NLghRNCW7U2oct1wdxg4R6wbVW0NBYJAgynVqTAEDLo= =dQxv -----END PGP SIGNATURE-----
Current thread:
- pam_timestamp internals Sebastian Krahmer (Mar 24)
- Re: pam_timestamp internals cve-assign (Mar 26)
- Re: pam_timestamp internals Dmitry V. Levin (Mar 31)
- Re: pam_timestamp internals Sebastian Krahmer (Mar 31)
- Re: pam_timestamp internals Dmitry V. Levin (Mar 31)
- Re: pam_timestamp internals Sebastian Krahmer (Mar 31)
- Re: pam_timestamp internals Sebastian Krahmer (Mar 31)