Package name
pam
Date
2003-04-28
Advisory ID
MDKSA-2003:017-1
Affected versions
MNF8.2 i586, 8.2 i586, CS2.1 i586, 8.2 i586, 9.0 i586

Problem description

Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. A local attacker can exploit this to gain access to the root user's X session. For the attack to succeed, the attacker would have to somehow get the root user to su to the account belonging to the attacker.

Update: The previous fix was incorrect because certain applications, such as userdrake and net_monitor, could not be executed as root, although they could be executed as users who successfully authenticated as root.
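To see where the module described above is active on a host, the following added example (not part of the advisory or of the PAM project) lists the PAM services whose stack loads pam_xauth. The function name and the sample files are constructed for illustration; stacks pulled in through include lines are reported under the included file's own name.

```sh
#!/bin/sh
# Added example: list PAM services whose stack loads pam_xauth.
# Assumption: per-service files sit in a pam.d-style directory (normally
# /etc/pam.d); it is a parameter so a copy or mounted image can be audited.

pam_xauth_services() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v svc="$(basename "$f")" '
            /^[[:space:]]*#/ || NF < 3 { next }   # comments, blank and short lines
            {
                type = $1; sub(/^-/, "", type)    # leading "-" only silences load errors
                i = 2
                if ($i ~ /^\[/)                   # bracketed control, e.g. [success=ok default=ignore]
                    while (i < NF && $i !~ /\]$/) i++
                n = split($(i + 1), parts, "/")   # module field follows the control field
                if (parts[n] == "pam_xauth.so")
                    print svc, type
            }' "$f"
    done
}

# Constructed sample directory, so the check can be tried offline.
demo=$(mktemp -d)
printf '%s\n' 'auth sufficient pam_rootok.so' 'session optional pam_xauth.so' > "$demo/su"
printf '%s\n' '# session optional pam_xauth.so' 'session required pam_unix.so' > "$demo/login"
printf '%s\n' '-session [success=ok default=ignore] /lib/security/pam_xauth.so' > "$demo/gdm"
pam_xauth_services "$demo"
rm -rf "$demo"
```

The updated packages listed in this advisory are release 0.75-25.2mdk; `rpm -q pam` shows the installed release to compare against.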

Updated packages

MNF8.2 i586

709506d5d500486efcc5d35a543fe9b3  mnf8.2/RPMS/pam-0.75-25.2mdk.i586.rpm
aeddf8bd57bf469e2a1ff293471c7585  mnf8.2/SRPMS/pam-0.75-25.2mdk.src.rpm

8.2 i586

525eed58c1581c301a57489164d7a698  ppc/8.2/RPMS/pam-0.75-25.2mdk.ppc.rpm
7db1aed626b2413e0f3c1b4c555de6dd  ppc/8.2/RPMS/pam-devel-0.75-25.2mdk.ppc.rpm
88ce92857b13e18100cf42091f3f0fee  ppc/8.2/RPMS/pam-doc-0.75-25.2mdk.ppc.rpm
aeddf8bd57bf469e2a1ff293471c7585  ppc/8.2/SRPMS/pam-0.75-25.2mdk.src.rpm

CS2.1 i586

642e1ead88ac4679f9bbad1d8174a79b  corporate/2.1/RPMS/pam-0.75-25.2mdk.i586.rpm
47879bd2cd7468565296c804214e7fa4  corporate/2.1/RPMS/pam-devel-0.75-25.2mdk.i586.rpm
e421f141318950a00d5efd745726643a  corporate/2.1/RPMS/pam-doc-0.75-25.2mdk.i586.rpm
aeddf8bd57bf469e2a1ff293471c7585  corporate/2.1/SRPMS/pam-0.75-25.2mdk.src.rpm

8.2 i586

709506d5d500486efcc5d35a543fe9b3  8.2/RPMS/pam-0.75-25.2mdk.i586.rpm
9371a15d63964d3dce4181482afdbed5  8.2/RPMS/pam-devel-0.75-25.2mdk.i586.rpm
44e824293900efca4d55d659d4d5a217  8.2/RPMS/pam-doc-0.75-25.2mdk.i586.rpm
aeddf8bd57bf469e2a1ff293471c7585  8.2/SRPMS/pam-0.75-25.2mdk.src.rpm

9.0 i586

642e1ead88ac4679f9bbad1d8174a79b  9.0/RPMS/pam-0.75-25.2mdk.i586.rpm
47879bd2cd7468565296c804214e7fa4  9.0/RPMS/pam-devel-0.75-25.2mdk.i586.rpm
e421f141318950a00d5efd745726643a  9.0/RPMS/pam-doc-0.75-25.2mdk.i586.rpm
aeddf8bd57bf469e2a1ff293471c7585  9.0/SRPMS/pam-0.75-25.2mdk.src.rpm
