MDKSA-2003:017-1
- Package name
- pam
- Date
- 2003-04-28
- Advisory ID
- MDKSA-2003:017-1
- Affected versions
- MNF8.2 i586 , 8.2 i586 , CS2.1 i586 , 8.2 i586 , 9.0 i586
Problem description
Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker. Update: The previous fix was incorrect because certain applications, such as userdrake and net_monitor could not be executed as root, although they could be executed as users who successfully authenticated as root.
Updated packages
MNF8.2 i586
709506d5d500486efcc5d35a543fe9b3 mnf8.2/RPMS/pam-0.75-25.2mdk.i586.rpm aeddf8bd57bf469e2a1ff293471c7585 mnf8.2/SRPMS/pam-0.75-25.2mdk.src.rpm
8.2 i586
525eed58c1581c301a57489164d7a698 ppc/8.2/RPMS/pam-0.75-25.2mdk.ppc.rpm 7db1aed626b2413e0f3c1b4c555de6dd ppc/8.2/RPMS/pam-devel-0.75-25.2mdk.ppc.rpm 88ce92857b13e18100cf42091f3f0fee ppc/8.2/RPMS/pam-doc-0.75-25.2mdk.ppc.rpm aeddf8bd57bf469e2a1ff293471c7585 ppc/8.2/SRPMS/pam-0.75-25.2mdk.src.rpm
CS2.1 i586
642e1ead88ac4679f9bbad1d8174a79b corporate/2.1/RPMS/pam-0.75-25.2mdk.i586.rpm 47879bd2cd7468565296c804214e7fa4 corporate/2.1/RPMS/pam-devel-0.75-25.2mdk.i586.rpm e421f141318950a00d5efd745726643a corporate/2.1/RPMS/pam-doc-0.75-25.2mdk.i586.rpm aeddf8bd57bf469e2a1ff293471c7585 corporate/2.1/SRPMS/pam-0.75-25.2mdk.src.rpm
8.2 i586
709506d5d500486efcc5d35a543fe9b3 8.2/RPMS/pam-0.75-25.2mdk.i586.rpm 9371a15d63964d3dce4181482afdbed5 8.2/RPMS/pam-devel-0.75-25.2mdk.i586.rpm 44e824293900efca4d55d659d4d5a217 8.2/RPMS/pam-doc-0.75-25.2mdk.i586.rpm aeddf8bd57bf469e2a1ff293471c7585 8.2/SRPMS/pam-0.75-25.2mdk.src.rpm
9.0 i586
642e1ead88ac4679f9bbad1d8174a79b 9.0/RPMS/pam-0.75-25.2mdk.i586.rpm 47879bd2cd7468565296c804214e7fa4 9.0/RPMS/pam-devel-0.75-25.2mdk.i586.rpm e421f141318950a00d5efd745726643a 9.0/RPMS/pam-doc-0.75-25.2mdk.i586.rpm aeddf8bd57bf469e2a1ff293471c7585 9.0/SRPMS/pam-0.75-25.2mdk.src.rpm