Date: Tue, 21 Sep 2010 14:57:23 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: Minor security flaw with pam_xauth

----- "Solar Designer" <> wrote:

> On Mon, Aug 16, 2010 at 12:05:13PM +0100, Tim Brown wrote:
> > Here's another bug where privileged code isn't checking the return
> > value from setuid():
> > 
> >
> This is fixed in Linux-PAM 1.1.2:

Let's use CVE-2010-3316 for the above flaw.

> The same commit also introduces previously-missing privilege switching
> into pam_env and pam_mail.  Unfortunately, this pam_env and pam_mail fix
> is incomplete: it only switches the fsuid (should also switch fsgid (or
> egid) and groups), and it fails to check the return value from setfsuid()
> (doing so would require duplicate calls to setfsuid(), like we do in
> libtcb, or switching of euid instead - yet it is desirable).

This one is a bit on the tricky side. I'm going to call it "improper
setfsuid use" so we can use just one CVE instead of two (as the flaws are

Use CVE-2010-3430

Steve, feel free to overrule me if MITRE doesn't like this.
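
The duplicate-call check for setfsuid() mentioned in the quoted text, as an added example that is not part of this message and is not Linux-PAM or libtcb code. The helper names `checked_setfsuid` and `switch_fs_identity` are hypothetical, and supplementary groups are left out of the sketch.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* setfsuid() returns the previous fsuid whether or not the change was
 * permitted, so a single call cannot report failure. A second call with
 * the same argument returns the fsuid now in effect; compare that. */
static int checked_setfsuid(uid_t uid)
{
    (void)setfsuid(uid);
    return (uid_t)setfsuid(uid) == uid ? 0 : -1;
}

/* Hypothetical helper: switch fsgid first, then fsuid, verifying each.
 * If the fsuid switch fails, the earlier fsgid change is undone so the
 * caller is never left with a half-switched identity.
 * Supplementary groups are not handled in this sketch. */
int switch_fs_identity(uid_t uid, gid_t gid)
{
    gid_t old_gid = (gid_t)setfsgid(gid);   /* previous fsgid */

    if ((gid_t)setfsgid(gid) != gid)        /* duplicate call is the check */
        return -1;
    if (checked_setfsuid(uid) != 0) {
        (void)setfsgid(old_gid);            /* roll back the group change */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo: request the identity already in effect, which
     * any process is allowed to do. */
    int rc = switch_fs_identity(geteuid(), getegid());

    printf("switch_fs_identity: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```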


