Skip to navigation

Security Advisory Updated PAM packages fix bug in pam_xauth module

Advisory: RHSA-2003:035-12
Type: Security Advisory
Severity: N/A
Issued on: 2003-02-07
Last updated on: 2003-06-27
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.1 for iSeries
Red Hat Linux 7.1 for pSeries
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
CVEs (cve.mitre.org): CVE-2002-1160

Details

Updated PAM packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and
8.0. These packages correct a bug in pam_xauth's handling of authorization
data for the root user.

[Updated 16 April 2003]
Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

The pam_xauth module is used to forward xauth information from user to user
in applications such as 'su'.

Andreas Beck discovered that versions of pam_xauth supplied with Red Hat
Linux since version 7.1 would forward authorization information from the
root account to unprivileged users. This could be used by a local attacker
to gain access to an administrator's X session. In order to exploit this
vulnerability, the attacker would have to get the administrator, as root,
to use su to the account belonging to the attacker.

Users of pam_xauth are advised to upgrade to these errata packages, which
contain a patch that adds ACL (access control list) functionality to
pam_xauth and disallows root forwarding by default.

Versions of pam_xauth included in Red Hat Linux 7 and earlier disabled
passing of credentials from the root account to unprivileged users by
default and are not affected by this issue.

Thanks to Andreas Beck for reporting this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 7.1

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-46.7.1/i386/pam-0.75-46.7.1.i386.rpm
Missing file
    MD5: 2ee6c4e7c9c59efdf3e31c8d9482a30a
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-46.7.1/i386/pam-devel-0.75-46.7.1.i386.rpm
Missing file
    MD5: 0d8f6cb6d0f293cb174f3e376c21eb1d
 
Red Hat Linux 7.1 for iSeries

iSeries:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-46.7.1/ppc/pam-0.75-46.7.1.ppc.rpm
Missing file
    MD5: 487929049588a3f38d16e5eca3e53f32
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-46.7.1/ppc/pam-devel-0.75-46.7.1.ppc.rpm
Missing file
    MD5: 4ec530ffeac21f9a7c9e2dddc271feed
 
Red Hat Linux 7.1 for pSeries

pSeries:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-46.7.1/ppc/pam-0.75-46.7.1.ppc.rpm
Missing file
    MD5: 487929049588a3f38d16e5eca3e53f32
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-46.7.1/ppc/pam-devel-0.75-46.7.1.ppc.rpm
Missing file
    MD5: 4ec530ffeac21f9a7c9e2dddc271feed
 
Red Hat Linux 7.2

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-46.7.2/i386/pam-0.75-46.7.2.i386.rpm
Missing file
    MD5: 7d16c011e4f74e8e02bb8c193506186d
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-46.7.2/i386/pam-devel-0.75-46.7.2.i386.rpm
Missing file
    MD5: 0919b62d8d7531883d6e01f5ff3a51b6
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-46.7.2/ia64/pam-0.75-46.7.2.ia64.rpm
Missing file
    MD5: e653e3ff25eb958570b411d201b5106e
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-46.7.2/ia64/pam-devel-0.75-46.7.2.ia64.rpm
Missing file
    MD5: 8f4d0dc64cdbded20c46a38460e6affe
 
Red Hat Linux 7.3

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/pam/0.75-46.7.3/SRPMS/pam-0.75-46.7.3.src.rpm
Missing file
    MD5: 99751631043fbe42f98f8598e74e6d4b
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-46.7.3/i386/pam-0.75-46.7.3.i386.rpm
Missing file
    MD5: 8ea6d868c28c22d629d2059f1ad72f1b
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-46.7.3/i386/pam-devel-0.75-46.7.3.i386.rpm
Missing file
    MD5: 9fef754632838504c0590ba30203a925
 
Red Hat Linux 8.0

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-46.8.0/i386/pam-0.75-46.8.0.i386.rpm
Missing file
    MD5: 25ebcb39f56c98cc064c34b2d048ed35
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-46.8.0/i386/pam-devel-0.75-46.8.0.i386.rpm
Missing file
    MD5: f6412156d54a4021a3200eb7d7ff79c0
 

References


Keywords

cookies, pam_xauth, root


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/