SB2012062502 - Gentoo update for Linux-PAM

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2012062502

SB2012062502 - Gentoo update for Linux-PAM

Published: June 25, 2012 Updated: May 9, 2023

Security Bulletin ID SB2012062502
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 50% Low 30%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2010-3316)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.


2) Input validation error (CVE-ID: CVE-2010-3430)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.


3) Input validation error (CVE-ID: CVE-2010-3431)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.


4) Input validation error (CVE-ID: CVE-2010-3435)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.


5) Input validation error (CVE-ID: CVE-2010-3853)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.


6) Input validation error (CVE-ID: CVE-2010-4706)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.


7) Resource management error (CVE-ID: CVE-2010-4707)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.


8) Input validation error (CVE-ID: CVE-2010-4708)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.


9) Stack-based buffer overflow (CVE-ID: CVE-2011-3148)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the _assemble_line() function in modules/pam_env/pam_env.c when processing a long string of white spaces at the beginning of the ~/.pam_environment file. A local user can trigger a stack-based buffer overflow and execute arbitrary code on the target system.


10) Buffer overflow (CVE-ID: CVE-2011-3149)

The vulnerability allows a local user to perform service disruption.

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).


Remediation

Install update from vendor's website.

References