
Security Advisory Moderate: pam security update

Advisory: RHSA-2010:0891-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-11-16
Last updated on: 2010-11-16
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-3316
CVE-2010-3435
CVE-2010-3853
CVE-2010-4707
CVE-2010-4708

Details

Updated pam packages that fix three security issues are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.

It was discovered that the pam_namespace module executed the external
script namespace.init with an unchanged environment inherited from an
application calling PAM. In cases where such an environment was untrusted
(for example, when pam_namespace was configured for setuid applications
such as su or sudo), a local, unprivileged user could possibly use this
flaw to escalate their privileges. (CVE-2010-3853)

It was discovered that the pam_env and pam_mail modules used root
privileges while accessing users' files. A local, unprivileged user could
use this flaw to obtain information, from the lines that have the KEY=VALUE
format expected by pam_env, from an arbitrary file. Also, in certain
configurations, a local, unprivileged user using a service for which the
pam_mail module was configured could use this flaw to obtain limited
information about files or directories that they do not have access to.
(CVE-2010-3435)

Note: As part of the fix for CVE-2010-3435, this update changes the default
value of pam_env's configuration option user_readenv to 0, causing the
module to not read the user's ~/.pam_environment configuration file by
default, as reading it may introduce unexpected changes to the environment
of the service using PAM, or of the PAM modules consulted after pam_env.

It was discovered that the pam_xauth module did not verify the return
values of the setuid() and setgid() system calls. A local, unprivileged
user could use this flaw to execute the xauth command with root privileges
and make it read an arbitrary input file. (CVE-2010-3316)
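The following C program is an added defensive illustration, not code from the pam package or from this advisory. It shows the pattern the pam_xauth and pam_namespace fixes share: a helper is executed only after setgid() and setuid() have been checked and the resulting identity verified, and with a fixed minimal environment instead of the one inherited from the PAM client. The function names and the use of /bin/true as a stand-in for the real helper are assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <grp.h>
#include <sys/wait.h>

/* Drop to the target identity with every call checked and the result re-read,
 * so a failed or partial drop is reported, not ignored (CVE-2010-3316 class). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) == -1)  /* clear supplementary groups */
        return -1;
    if (setgid(gid) == -1)                            /* gid first: after setuid() it would fail */
        return -1;
    if (setuid(uid) == -1)
        return -1;
    /* Trust the kernel's view of the identity, not the return codes alone. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Run a helper (the role of xauth or namespace.init) as the given user with a
 * fixed minimal environment, not the PAM client's (CVE-2010-3853 class). */
int run_helper_as(const char *path, char *const argv[], uid_t uid, gid_t gid)
{
    char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(126);                 /* never exec while still privileged */
        execve(path, argv, clean_env);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "true", NULL };   /* /bin/true stands in for the real helper */
    int rc = run_helper_as("/bin/true", argv, getuid(), getgid());
    printf("helper ran as uid %u, exit status %d\n", (unsigned)getuid(), rc);
    return rc == 0 ? 0 : 1;
}
```

A module that only needs to read a user's file, as pam_env and pam_mail do, would apply the same checks to a temporary drop with setegid()/seteuid() rather than this permanent one.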

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting the CVE-2010-3435 issue.

All pam users should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)
(all files below outdated by RHEA-2013:1734)

SRPMS:
pam-1.1.1-4.el6_0.1.src.rpm

IA-32:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm

x86_64:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-1.1.1-4.el6_0.1.x86_64.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6)
(all files below outdated by RHEA-2013:1734)

SRPMS:
pam-1.1.1-4.el6_0.1.src.rpm

x86_64:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-1.1.1-4.el6_0.1.x86_64.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6)
(all files below outdated by RHEA-2013:1734)

SRPMS:
pam-1.1.1-4.el6_0.1.src.rpm

IA-32:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm

PPC:
pam-1.1.1-4.el6_0.1.ppc.rpm
pam-1.1.1-4.el6_0.1.ppc64.rpm
pam-debuginfo-1.1.1-4.el6_0.1.ppc.rpm
pam-debuginfo-1.1.1-4.el6_0.1.ppc64.rpm
pam-devel-1.1.1-4.el6_0.1.ppc.rpm
pam-devel-1.1.1-4.el6_0.1.ppc64.rpm

s390x:
pam-1.1.1-4.el6_0.1.s390.rpm
pam-1.1.1-4.el6_0.1.s390x.rpm
pam-debuginfo-1.1.1-4.el6_0.1.s390.rpm
pam-debuginfo-1.1.1-4.el6_0.1.s390x.rpm
pam-devel-1.1.1-4.el6_0.1.s390.rpm
pam-devel-1.1.1-4.el6_0.1.s390x.rpm

x86_64:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-1.1.1-4.el6_0.1.x86_64.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
pam-1.1.1-4.el6_0.1.src.rpm

IA-32:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm

PPC:
pam-1.1.1-4.el6_0.1.ppc.rpm
pam-1.1.1-4.el6_0.1.ppc64.rpm
pam-debuginfo-1.1.1-4.el6_0.1.ppc.rpm
pam-debuginfo-1.1.1-4.el6_0.1.ppc64.rpm
pam-devel-1.1.1-4.el6_0.1.ppc.rpm
pam-devel-1.1.1-4.el6_0.1.ppc64.rpm

s390x:
pam-1.1.1-4.el6_0.1.s390.rpm
pam-1.1.1-4.el6_0.1.s390x.rpm
pam-debuginfo-1.1.1-4.el6_0.1.s390.rpm
pam-debuginfo-1.1.1-4.el6_0.1.s390x.rpm
pam-devel-1.1.1-4.el6_0.1.s390.rpm
pam-devel-1.1.1-4.el6_0.1.s390x.rpm

x86_64:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-1.1.1-4.el6_0.1.x86_64.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6)
(all files below outdated by RHEA-2013:1734)

SRPMS:
pam-1.1.1-4.el6_0.1.src.rpm

IA-32:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm

x86_64:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-1.1.1-4.el6_0.1.x86_64.rpm
pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm
pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

637898 - CVE-2010-3316 pam: pam_xauth missing return value checks from setuid() and similar calls
641335 - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges
643043 - CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment


References
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/