Date: Tue, 21 Sep 2010 14:57:23 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: Minor security flaw with pam_xauth ----- "Solar Designer" <solar@...nwall.com> wrote: > On Mon, Aug 16, 2010 at 12:05:13PM +0100, Tim Brown wrote: > > Here's another bug where privileged code isn't checking the return > value from > > setuid(): > > > > > http://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663 > > This is fixed in Linux-PAM 1.1.2: > > http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6 > Let's use CVE-2010-3316 for the above flaw. > The same commit also introduces previously-missing privilege switching > into pam_env and pam_mail. Unfortunately, this pam_env and pam_mail fix > is incomplete: it only switches the fsuid (should also switch fsgid (or > egid) and groups), and it fails to check the return value from setfsuid() > (doing so would require duplicate calls to setfsuid(), like we do in > libtcb, or switching of euid instead - yet it is desirable). > This one is a bit on the tricky side. I'm going to call it "improper setfsuid use" so we can use just one CVE instead of two (as the flaws are related): Use CVE-2010-3430 Steve, feel free to overrule me if MITRE doesn't like this. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ