Skip to navigation

Security Advisory Moderate: pam security update

Advisory: RHSA-2010:0819-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-11-01
Last updated on: 2010-11-01
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-3316
CVE-2010-3435
CVE-2010-3853
CVE-2010-4707

Details

Updated pam packages that fix three security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.

It was discovered that the pam_namespace module executed the external
script namespace.init with an unchanged environment inherited from an
application calling PAM. In cases where such an environment was untrusted
(for example, when pam_namespace was configured for setuid applications
such as su or sudo), a local, unprivileged user could possibly use this
flaw to escalate their privileges. (CVE-2010-3853)

It was discovered that the pam_mail module used root privileges while
accessing users' files. In certain configurations, a local, unprivileged
user could use this flaw to obtain limited information about files or
directories that they do not have access to. (CVE-2010-3435)

It was discovered that the pam_xauth module did not verify the return
values of the setuid() and setgid() system calls. A local, unprivileged
user could use this flaw to execute the xauth command with root privileges
and make it read an arbitrary input file. (CVE-2010-3316)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting the CVE-2010-3435 issue.

All pam users should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
pam-0.99.6.2-6.el5_5.2.src.rpm
File outdated by:  RHBA-2013:0032		     MD5: ad727b413f0d29cabbc38b5beee7ba6c
SHA-256: 9ed891431d644824d5623a56fcad35c5cc858fa016520ddcb2bce533aa3f8217
 
IA-32:
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 3c51274279428d672417422b3d252b79
SHA-256: a26389607f6ac3394cda85d670f82e56e01777a1c1ffda96affafdc1f9fcb3c3
 
x86_64:
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 3c51274279428d672417422b3d252b79
SHA-256: a26389607f6ac3394cda85d670f82e56e01777a1c1ffda96affafdc1f9fcb3c3
pam-devel-0.99.6.2-6.el5_5.2.x86_64.rpm
File outdated by:  RHBA-2013:0032		     MD5: e8433ce9b5645d7b6bcf2e124eb229a2
SHA-256: 52fbf3f64dc2ca1b0251b460ce93bf2255df4f953574ab58ac21708d73f07a4b
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
pam-0.99.6.2-6.el5_5.2.src.rpm
File outdated by:  RHBA-2013:0032		     MD5: ad727b413f0d29cabbc38b5beee7ba6c
SHA-256: 9ed891431d644824d5623a56fcad35c5cc858fa016520ddcb2bce533aa3f8217
 
IA-32:
pam-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 4a1696dcec3f6ea874dac20de96898eb
SHA-256: 5fcdeb64dd7304f890a615c9b51e13314272d62eadaa3d915785e88628d1e3b0
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 3c51274279428d672417422b3d252b79
SHA-256: a26389607f6ac3394cda85d670f82e56e01777a1c1ffda96affafdc1f9fcb3c3
 
IA-64:
pam-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 4a1696dcec3f6ea874dac20de96898eb
SHA-256: 5fcdeb64dd7304f890a615c9b51e13314272d62eadaa3d915785e88628d1e3b0
pam-0.99.6.2-6.el5_5.2.ia64.rpm
File outdated by:  RHBA-2013:0032		     MD5: 6c9f0891ae8a9b46db3257aa28e210d5
SHA-256: d12607782e81dc6471baac272fc09fb14cb17ee2a785505e016cfab92f79ce45
pam-devel-0.99.6.2-6.el5_5.2.ia64.rpm
File outdated by:  RHBA-2013:0032		     MD5: b9c73634fc9445cf02d1f8d234ba23aa
SHA-256: 5b0033fbe58bc71863e836448e8c5755d169bd22cdd29a65aadc69af133be844
 
PPC:
pam-0.99.6.2-6.el5_5.2.ppc.rpm
File outdated by:  RHBA-2013:0032		     MD5: b302ec7e105773573129860e6166b63f
SHA-256: 77df572cbfbc59eafbbe13588ac09c5e0995d4dee30b5b7e3c21146c57ec7e1c
pam-0.99.6.2-6.el5_5.2.ppc64.rpm
File outdated by:  RHBA-2013:0032		     MD5: 8ebbee8b2179953554f28625a4e13640
SHA-256: 20c10da0885c119b74a3fc397b17950eae4df7c7dad0389c957b78a33612e491
pam-devel-0.99.6.2-6.el5_5.2.ppc.rpm
File outdated by:  RHBA-2013:0032		     MD5: c540634932e90aace818b8f4a4217ec2
SHA-256: b3b7258b6b2ba070868035be506605abe357b9dfa3018c39eb8485cb1fa3bb23
pam-devel-0.99.6.2-6.el5_5.2.ppc64.rpm
File outdated by:  RHBA-2013:0032		     MD5: e98a66401ffc8d7f89701b15fd58e221
SHA-256: facb7ddcfeca79e7f074ae9882aedc8dac697f8eb5a6ea0377ef2e09c45d3ca5
 
s390x:
pam-0.99.6.2-6.el5_5.2.s390.rpm
File outdated by:  RHBA-2013:0032		     MD5: e30d6a8de659ca0390e37696e1b3630d
SHA-256: 3e903713d6c3c355eaf03fb799939cff4a187b5417aa507cb7970a1c8cb562bd
pam-0.99.6.2-6.el5_5.2.s390x.rpm
File outdated by:  RHBA-2013:0032		     MD5: 336f5deffe3e74d6bebfdb6d148d0bd2
SHA-256: cd01b1db65083e0c5f076e04dfea4a66b47be40eadc5e52b01e50c95a8ec8551
pam-devel-0.99.6.2-6.el5_5.2.s390.rpm
File outdated by:  RHBA-2013:0032		     MD5: 5d29f1de1c44a1dd5c9fa748427cee81
SHA-256: c8da9e6a2c6f812c5d7558ddeeada1e71b9a90fe788d778a226e6c5555cb3ea0
pam-devel-0.99.6.2-6.el5_5.2.s390x.rpm
File outdated by:  RHBA-2013:0032		     MD5: c641e6685824c0fe62d566990658acb0
SHA-256: fd5c40e53a2e8a7c0f80b4c1fbd9cbca2e25dc37e88d43d1ae706c43cc7d1795
 
x86_64:
pam-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 4a1696dcec3f6ea874dac20de96898eb
SHA-256: 5fcdeb64dd7304f890a615c9b51e13314272d62eadaa3d915785e88628d1e3b0
pam-0.99.6.2-6.el5_5.2.x86_64.rpm
File outdated by:  RHBA-2013:0032		     MD5: a2a3d80203a85ad7fcef3ddf003c4bd2
SHA-256: 6061a698283a8d07a4b225c2a15f797088818fe2a64d0504dce381078920d16f
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 3c51274279428d672417422b3d252b79
SHA-256: a26389607f6ac3394cda85d670f82e56e01777a1c1ffda96affafdc1f9fcb3c3
pam-devel-0.99.6.2-6.el5_5.2.x86_64.rpm
File outdated by:  RHBA-2013:0032		     MD5: e8433ce9b5645d7b6bcf2e124eb229a2
SHA-256: 52fbf3f64dc2ca1b0251b460ce93bf2255df4f953574ab58ac21708d73f07a4b
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
pam-0.99.6.2-6.el5_5.2.src.rpm
File outdated by:  RHBA-2013:0032		     MD5: ad727b413f0d29cabbc38b5beee7ba6c
SHA-256: 9ed891431d644824d5623a56fcad35c5cc858fa016520ddcb2bce533aa3f8217
 
IA-32:
pam-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 4a1696dcec3f6ea874dac20de96898eb
SHA-256: 5fcdeb64dd7304f890a615c9b51e13314272d62eadaa3d915785e88628d1e3b0
 
x86_64:
pam-0.99.6.2-6.el5_5.2.i386.rpm
File outdated by:  RHBA-2013:0032		     MD5: 4a1696dcec3f6ea874dac20de96898eb
SHA-256: 5fcdeb64dd7304f890a615c9b51e13314272d62eadaa3d915785e88628d1e3b0
pam-0.99.6.2-6.el5_5.2.x86_64.rpm
File outdated by:  RHBA-2013:0032		     MD5: a2a3d80203a85ad7fcef3ddf003c4bd2
SHA-256: 6061a698283a8d07a4b225c2a15f797088818fe2a64d0504dce381078920d16f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

637898 - CVE-2010-3316 pam: pam_xauth missing return value checks from setuid() and similar calls
641335 - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges
643043 - CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment


References

https://www.redhat.com/security/data/cve/CVE-2010-3316.html
https://www.redhat.com/security/data/cve/CVE-2010-3435.html
https://www.redhat.com/security/data/cve/CVE-2010-3853.html
https://www.redhat.com/security/data/cve/CVE-2010-4707.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/