Package name: pam
Date: 2010-11-04
Advisory ID: MDVSA-2010:220
Affected versions: 2009.0 x86_64, MES5 i586, 2010.1 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, 2009.1 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in pam:

The pam_xauth module did not verify the return values of the setuid()
and setgid() system calls. A local, unprivileged user could use this
flaw to execute the xauth command with root privileges and make it
read an arbitrary input file (CVE-2010-3316).
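
The unchecked-return-value pattern behind CVE-2010-3316, next to a checked privilege drop. This is an added illustration, not pam_xauth source or the Mandriva patch; the function names and the failing stubs are hypothetical and exist only so the failure path can be run without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Function pointers let a failing call be simulated without root. */
typedef int (*setgid_fn)(gid_t);
typedef int (*setuid_fn)(uid_t);

/* Constructed stubs: the identity change is refused. */
static int failing_setgid(gid_t g) { (void)g; errno = EPERM; return -1; }
static int failing_setuid(uid_t u) { (void)u; errno = EAGAIN; return -1; }

/* Flawed pattern: results discarded, so the caller always continues
 * and whatever runs next keeps the original (possibly root) identity. */
static int drop_unchecked(uid_t uid, gid_t gid, setgid_fn sg, setuid_fn su)
{
    sg(gid);
    su(uid);
    return 0;
}

/* Checked pattern: group before user, every result tested, and the
 * resulting identity verified. A full drop from root would also clear
 * supplementary groups with setgroups() before these calls. */
static int drop_checked(uid_t uid, gid_t gid, setgid_fn sg, setuid_fn su)
{
    if (sg(gid) != 0 || su(uid) != 0)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    printf("unchecked, calls fail: %d\n", drop_unchecked(uid, gid, failing_setgid, failing_setuid));
    printf("checked, calls fail:   %d\n", drop_checked(uid, gid, failing_setgid, failing_setuid));
    printf("checked, calls work:   %d\n", drop_checked(uid, gid, setgid, setuid));
    return 0;
}
```

A caller of the checked form must refuse to run the helper command when it returns -1.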

The pam_mail module used root privileges while accessing users'
files. In certain configurations, a local, unprivileged user could
use this flaw to obtain limited information about files or directories
that they do not have access to (CVE-2010-3435).

The pam_namespace module executed the external script namespace.init
with an unchanged environment inherited from an application calling
PAM. In cases where such an environment was untrusted (for example,
when pam_namespace was configured for setuid applications such as su
or sudo), a local, unprivileged user could possibly use this flaw to
escalate their privileges (CVE-2010-3853).
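
One general way to keep a caller's environment away from an external helper is to exec it with a fixed, minimal environment. This is an added illustration, not pam_namespace source or the Mandriva patch; /bin/sh stands in for the helper script, and the variable EXAMPLE_UNTRUSTED and the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Fixed, minimal environment for the helper; nothing comes from the caller. */
static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Fork, exec path with the given environment and return the child's exit
 * status, or -1 if it could not be run or did not exit normally. */
static int run_helper(const char *path, char *const argv[], char *const envp[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127); /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed check: the helper exits 0 only when EXAMPLE_UNTRUSTED is
 * absent from its environment. inherit != 0 passes the caller's environ. */
static int helper_exit_status(int inherit)
{
    char *const argv[] = { "sh", "-c", "[ -z \"${EXAMPLE_UNTRUSTED+set}\" ]", NULL };

    setenv("EXAMPLE_UNTRUSTED", "from-caller", 1);
    return run_helper("/bin/sh", argv, inherit ? environ : clean_env);
}

int main(void)
{
    printf("inherited environment: exit %d\n", helper_exit_status(1));
    printf("clean environment:     exit %d\n", helper_exit_status(0));
    return 0;
}
```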

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 35e03d6ab52fc14704180ff225ae0408  2009.0/x86_64/lib64pam0-0.99.8.1-16.2mdv2009.0.x86_64.rpm
 a93abeab91371f20c1a190e6511ec499  2009.0/x86_64/lib64pam-devel-0.99.8.1-16.2mdv2009.0.x86_64.rpm
 ef401ab8d6ca3fece20765f21e8a4b81  2009.0/x86_64/pam-0.99.8.1-16.2mdv2009.0.x86_64.rpm
 3d3f1d915d7e2b43a66c9417fedcd945  2009.0/x86_64/pam-doc-0.99.8.1-16.2mdv2009.0.x86_64.rpm 
 369f8fbf430e4e20ec2a049f2d5a8339  2009.0/SRPMS/pam-0.99.8.1-16.2mdv2009.0.src.rpm

MES5 i586

 1d08c70aaa1fdfabf369d3e9b7a89e65  mes5/i586/libpam0-0.99.8.1-16.2mdvmes5.1.i586.rpm
 fd1f3904da9590669e00c5691759f91c  mes5/i586/libpam-devel-0.99.8.1-16.2mdvmes5.1.i586.rpm
 f56f1a78e2e00f770edef9694b91b9e2  mes5/i586/pam-0.99.8.1-16.2mdvmes5.1.i586.rpm
 e8693a4476626d18db11316bb7fd9c83  mes5/i586/pam-doc-0.99.8.1-16.2mdvmes5.1.i586.rpm 
 3d07636e6b1208d0fbca2c0ab7d6093c  mes5/SRPMS/pam-0.99.8.1-16.2mdvmes5.1.src.rpm

2010.1 i586

 c2473140f61385cecdc8ef9ac88dc2e9  2010.1/i586/libpam0-1.1.1-2.1mdv2010.1.i586.rpm
 7eec14ba49ec3297e7cfadadc67c3c9f  2010.1/i586/libpam-devel-1.1.1-2.1mdv2010.1.i586.rpm
 912c5cda86fba68e867bef8db80d541c  2010.1/i586/pam-1.1.1-2.1mdv2010.1.i586.rpm
 e64a7bbb0dd34cc24bcbab56135f80a5  2010.1/i586/pam-doc-1.1.1-2.1mdv2010.1.i586.rpm 
 c70e6904e0b740e408ee6bef1d932244  2010.1/SRPMS/pam-1.1.1-2.1mdv2010.1.src.rpm

2010.0 x86_64

 cbc1a63c68a6e7928f165cb72b419c81  2010.0/x86_64/lib64pam0-1.1.0-6.1mdv2010.0.x86_64.rpm
 f4649e861830739a84c6e034c5a02d92  2010.0/x86_64/lib64pam-devel-1.1.0-6.1mdv2010.0.x86_64.rpm
 87fadece1f26a3a8fa81e13662f73835  2010.0/x86_64/pam-1.1.0-6.1mdv2010.0.x86_64.rpm
 0486af7fd18e4cff4e2d1a0c454fdb7f  2010.0/x86_64/pam-doc-1.1.0-6.1mdv2010.0.x86_64.rpm 
 796383329dba07f3fa05e998e166cdfd  2010.0/SRPMS/pam-1.1.0-6.1mdv2010.0.src.rpm

2010.0 i586

 6dd5a17484b94f93ba8a8cdc8a6994de  2010.0/i586/libpam0-1.1.0-6.1mdv2010.0.i586.rpm
 7649cc7d3dd4f756cec888c18a279f94  2010.0/i586/libpam-devel-1.1.0-6.1mdv2010.0.i586.rpm
 fb09c1526f0e43022aa09a53bda865a4  2010.0/i586/pam-1.1.0-6.1mdv2010.0.i586.rpm
 52cb306b585052044bc896d8a092d6da  2010.0/i586/pam-doc-1.1.0-6.1mdv2010.0.i586.rpm 
 796383329dba07f3fa05e998e166cdfd  2010.0/SRPMS/pam-1.1.0-6.1mdv2010.0.src.rpm

2009.1 i586

 c0c392fab146812a023e7633fe1ceeb7  2009.1/i586/libpam0-0.99.8.1-20.1mdv2009.1.i586.rpm
 947d0b3b9b90a05ce3a9977c1436c57e  2009.1/i586/libpam-devel-0.99.8.1-20.1mdv2009.1.i586.rpm
 4f99d7e29757bf81cc5cb60b5e01df48  2009.1/i586/pam-0.99.8.1-20.1mdv2009.1.i586.rpm
 ca875c8c456de2772265f922187ca4b4  2009.1/i586/pam-doc-0.99.8.1-20.1mdv2009.1.i586.rpm 
 31264e4b3f73ed96678d159af6d2e07b  2009.1/SRPMS/pam-0.99.8.1-20.1mdv2009.1.src.rpm

2009.0 i586

 69786ba211f064d06465cc7b1495c2d3  2009.0/i586/libpam0-0.99.8.1-16.2mdv2009.0.i586.rpm
 ad480c4220b456a3ea1c700e4aed85e4  2009.0/i586/libpam-devel-0.99.8.1-16.2mdv2009.0.i586.rpm
 53657e6972a7c54172beda78dec01747  2009.0/i586/pam-0.99.8.1-16.2mdv2009.0.i586.rpm
 badae4a2575ce217567a57caba4671e0  2009.0/i586/pam-doc-0.99.8.1-16.2mdv2009.0.i586.rpm 
 369f8fbf430e4e20ec2a049f2d5a8339  2009.0/SRPMS/pam-0.99.8.1-16.2mdv2009.0.src.rpm

2009.1 x86_64

 1b31bd9af45b6355e153086bf16215de  2009.1/x86_64/lib64pam0-0.99.8.1-20.1mdv2009.1.x86_64.rpm
 49b0cd7f2ebfcf3f051f1cfa1127bbe5  2009.1/x86_64/lib64pam-devel-0.99.8.1-20.1mdv2009.1.x86_64.rpm
 95090c3f50e47129f973f86a85b827f2  2009.1/x86_64/pam-0.99.8.1-20.1mdv2009.1.x86_64.rpm
 845484d6506e2ea62651932558822f63  2009.1/x86_64/pam-doc-0.99.8.1-20.1mdv2009.1.x86_64.rpm 
 31264e4b3f73ed96678d159af6d2e07b  2009.1/SRPMS/pam-0.99.8.1-20.1mdv2009.1.src.rpm

MES5 x86_64

 5eefd3d906380879ad076d7da77dd29e  mes5/x86_64/lib64pam0-0.99.8.1-16.2mdvmes5.1.x86_64.rpm
 c6f5637f2e7c286138aa97c93aede29e  mes5/x86_64/lib64pam-devel-0.99.8.1-16.2mdvmes5.1.x86_64.rpm
 83f190e1bb31f79cfd4abe7abd2373aa  mes5/x86_64/pam-0.99.8.1-16.2mdvmes5.1.x86_64.rpm
 7223e7bda42555384e72cb5cdb51c795  mes5/x86_64/pam-doc-0.99.8.1-16.2mdvmes5.1.x86_64.rpm 
 3d07636e6b1208d0fbca2c0ab7d6093c  mes5/SRPMS/pam-0.99.8.1-16.2mdvmes5.1.src.rpm

2010.1 x86_64

 c736e5498b71924f834104c6a2a1be46  2010.1/x86_64/lib64pam0-1.1.1-2.1mdv2010.1.x86_64.rpm
 6cfabb68e6305e5d5491a4cad6c5fff3  2010.1/x86_64/lib64pam-devel-1.1.1-2.1mdv2010.1.x86_64.rpm
 0724a47819b4409b3a819aae12588fe0  2010.1/x86_64/pam-1.1.1-2.1mdv2010.1.x86_64.rpm
 247cd2094ce66f3e28e78927ed5d187e  2010.1/x86_64/pam-doc-1.1.1-2.1mdv2010.1.x86_64.rpm 
 c70e6904e0b740e408ee6bef1d932244  2010.1/SRPMS/pam-1.1.1-2.1mdv2010.1.src.rpm
