Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 199193 (CVE-2007-1716) - sys-auth/pam_console sys-libs/pam <=0.78 Console devices ownership privilege escalation (CVE-2007-1716)
Summary: sys-auth/pam_console sys-libs/pam <=0.78 Console devices ownership privilege ...
Status: RESOLVED FIXED
Alias: CVE-2007-1716
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-11-14 23:36 UTC by Robert Buchholz (RETIRED)
Modified: 2007-12-10 21:47 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
pam-0.99.7.1-console-decrement.patch (pam-0.99.7.1-console-decrement.patch,1.85 KB, patch)
2007-11-14 23:39 UTC, Robert Buchholz (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-14 23:36:35 UTC
CVE-2007-1716 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1716):
  pam_console does not properly restore ownership for certain console devices
  when there are multiple users logged into the console and one user logs out,
  which might allow local users to gain privileges.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-11-14 23:38:54 UTC
Pam herd, can you confirm this bug still exists in our version of pam_console?
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-11-14 23:39:21 UTC
Created attachment 136004 [details, diff]
pam-0.99.7.1-console-decrement.patch

Patch applied by RedHat
Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-11-15 12:22:05 UTC
It has always been the case and it's my main reason for detesting pam_console.

Thank you for giving me the excuse^Wreason to get rid of pam_console entirely :)
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-11-15 12:50:11 UTC
That is, you advise to mask and last-rite it?

There's no use for it anymore?
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-11-15 12:56:48 UTC
My advise would be to cvs rm -f it...
Yes there is still an use case for it, but it's supposedly going to be covered by consolekit, and there is too much burden with it. I won't maintain pam_console, I said that already, and I doubt there is anyone else right now wanting to maintain it. It's defective by design.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2007-11-15 13:06:13 UTC
Sounds good, please mask and last-rite then. We'll prepare a mask-glsa as soon as it's on its way.
Comment 7 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-11-15 13:11:34 UTC
There's also the problem that ~sys-libs/pam-0.78 still carries pam_console. If you're fine with it I'll remove the keywords for all arches but mips (that hasn't neither ~mipsed nor mipsed 0.99 series - otherwise 0.99 is stable for all arches).
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2007-11-15 16:02:09 UTC
sounds good.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2007-11-15 22:41:57 UTC
masked, last-rited. and maskglsa filed.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2007-11-16 00:28:38 UTC
Rerating B4 as the impact is only information leak.
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2007-11-16 00:31:42 UTC
Rerating ~4, this was never stable. Let's wait until it's gone then.
Comment 12 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-11-16 10:03:02 UTC
sys-libs/pam-0.78 was stable till a few weeks ago.
Comment 13 Robert Buchholz (RETIRED) gentoo-dev 2007-11-16 14:13:03 UTC
Right, since about Oct. 20.

GLSA vote for pam now open. I tend to vote no.
Comment 14 Glynn Clements 2007-11-28 18:04:55 UTC
ConsoleKit is not a substitute as it requires X

Comment 15 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-11-28 19:31:12 UTC
No it does not. And please leave this bug alone if it has nothing to add to security team.
Comment 16 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-10 21:47:13 UTC
votin no too, and finally closing, sorry for the delay.