-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : pam SUMMARY : Local vulnerability in the pam_xauth module DATE : 2003-07-10 12:06:00 ID : CLA-2003:693 RELEVANT RELEASES : 8 - ------------------------------------------------------------------------- DESCRIPTION PAM is the authentication system used in Linux. There are several authentication modules making part of this system, and pam_xauth is one of them. This module can be used to allow the forwarding of X credentials from one user to another in order to share an X display. It is particularly useful in applications such as "su". Andreas Beck discovered[1] a vulnerability in the use of pam_xauth by the su utility. If the attacker can make one user run su from an X session, he can steal the X credentials and execute programs in the X display of the user running su. The worst scenario is the one where an administrator, logged as root, uses "su" to an account belonging to an attacker. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1160 to this issue[2]. This update contains a patch that adds ACL (Access Control List) functionality to pam_xauth and does not forward the X credentials from the root user by default. SOLUTION All users should upgrade. REFERENCES: 1.http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1160 UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/8/RPMS/pam-0.75-5U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/pam-devel-0.75-5U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/pam-devel-static-0.75-5U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/pam-0.75-5U80_1cl.src.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribeat_private unsubscribe: conectiva-updates-unsubscribeat_private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/DbpF42jd0JmAcZARAkbPAKCg2Uye+10ZT2XCosSlHiBAZM6q3QCg6amC ReHPNA9kJ41BiBcrwLECeGI= =OyaZ -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 14:16:10 PDT