Date: Mon, 27 Sep 2010 16:18:55 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: Minor security flaw with pam_xauth ----- "Solar Designer" <solar@...nwall.com> wrote: Thank you for doing this, it's most apprecited. > > pam_xauth missing return value checks from setuid() and similar calls, > fixed in Linux-PAM 1.1.2 - CVE-2010-3316 > > pam_env and pam_mail accessing the target user's files as root (and thus > susceptible to attacks by the user) in Linux-PAM below 1.1.2, partially > fixed in 1.1.2 - no CVE ID mentioned yet Use CVE-2010-3435 for this one. > > pam_env and pam_mail in Linux-PAM 1.1.2 not switching fsgid (or egid) and > groups when accessing the target user's files (and thus potentially > susceptible to attacks by the user) - CVE-2010-3430 > > pam_env and pam_mail in Linux-PAM 1.1.2 not checking whether the > setfsuid() calls succeed (no known impact with current Linux kernels, but > poor practice in general) - CVE-2010-3431 > > Now, in case someone fixes CVE-2010-3430 but fails to add return value > checks for the added calls, we'll need yet another CVE ID for the partial > fix... but I hope this won't happen. > Let's hope not. I guess if they do, they can request a new ID. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ