Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386273 - sys-libs/pam: multiple vulnerabilities (CVE-2010-{3316,3430,3431,3435,3853,4706,4707,4708})
Summary: sys-libs/pam: multiple vulnerabilities (CVE-2010-{3316,3430,3431,3435,3853,47...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 13:01 UTC by GLSAMaker/CVETool Bot
Modified: 2012-06-25 19:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:01:45 UTC
CVE-2010-4708 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4708):
  The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the
  .pam_environment file in a user's home directory, which might allow local
  users to run programs with an unintended environment by executing a program
  that relies on the pam_env PAM check.

CVE-2010-4707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4707):
  The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM
  (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a
  regular file, which might allow local users to cause a denial of service
  (resource consumption) via a special file.

CVE-2010-4706 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4706):
  The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in
  Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to
  determine a certain target uid, which might allow local users to delete
  unintended files by executing a program that relies on the pam_xauth PAM
  check.

CVE-2010-3853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3853):
  pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before
  1.1.3 uses the environment of the invoking application or service during
  execution of the namespace.init script, which might allow local users to
  gain privileges by running a setuid program that relies on the pam_namespace
  PAM check, as demonstrated by the sudo program.

CVE-2010-3435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3435):
  The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2
  use root privileges during read access to files and directories that belong
  to arbitrary user accounts, which might allow local users to obtain
  sensitive information by leveraging this filesystem activity, as
  demonstrated by a symlink attack on the .pam_environment file in a user's
  home directory.

CVE-2010-3431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3431):
  The privilege-dropping implementation in the (1) pam_env and (2) pam_mail
  modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the
  setfsuid system call, which might allow local users to obtain sensitive
  information by leveraging an unintended uid, as demonstrated by a symlink
  attack on the .pam_environment file in a user's home directory.  NOTE: this
  vulnerability exists because of an incomplete fix for CVE-2010-3435.

CVE-2010-3430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3430):
  The privilege-dropping implementation in the (1) pam_env and (2) pam_mail
  modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid
  and setgroups system calls, which might allow local users to obtain
  sensitive information by leveraging unintended group permissions, as
  demonstrated by a symlink attack on the .pam_environment file in a user's
  home directory.  NOTE: this vulnerability exists because of an incomplete
  fix for CVE-2010-3435.

CVE-2010-3316 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3316):
  The run_coprocess function in pam_xauth.c in the pam_xauth module in
  Linux-PAM (aka pam) before 1.1.2 does not check the return values of the
  setuid, setgid, and setgroups system calls, which might allow local users to
  read arbitrary files by executing a program that relies on the pam_xauth PAM
  check.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-06-25 19:10:51 UTC
This issue was resolved and addressed in
 GLSA 201206-31 at http://security.gentoo.org/glsa/glsa-201206-31.xml
by GLSA coordinator Stefan Behte (craig).