mailing list archives
Re: Minor security flaw with pam_xauth
From: Solar Designer <solar () openwall com>
Date: Mon, 25 Oct 2010 07:50:06 +0400
Dmitry has produced a patch against Linux-PAM 1.1.2 with the fixes
mentioned in the quoted message below.
This is Linux-PAM-1.1.2-up-20101011.diff (same as the changes made
upstream) and Linux-PAM-1.1.2-owl-Makefile.diff.
We already have this in Owl, documented as follows:
2010/10/18 Package: pam
SECURITY FIX Severity: none to medium, local, active
Updated to 1.1.2+ snapshot 20101011. This code revision introduces the
proper privilege switching into pam_env, pam_mail, and pam_xauth. None
of these modules are in use on default installs of Owl, and they never
were, hence there was no impact for default installs.
I am posting this in case others want to have the issues fixed before
the 1.1.3 release comes out.
On Mon, Oct 04, 2010 at 02:00:03AM +0400, Dmitry V. Levin wrote:
The patch that fixes CVE-2010-3430 and CVE-2010-3431 was just made public:
Besides that, another two issues have been fixed in pam_xauth after
Linux-PAM 1.1.2 release:
In pam_sm_close_session(), the attempt to unlink cookie file was made
without dropping privileges at all if target uid could not be determined:
In check_acl(), there were no check that the acl file provided by target
user is a regular file: