Security Advisory: pam security update

Advisory: RHSA-2005:805-6
Type: Security Advisory
Severity: Low
Issued on: 2005-10-26
Last updated on: 2005-10-26
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2977

Details

An updated pam package that fixes a security weakness is now available for
Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set an authentication policy without
having to recompile programs that handle authentication.

A bug was found in the way PAM's unix_chkpwd helper program validates user
passwords when SELinux is enabled. Under normal circumstances, it is not
possible for a local non-root user to verify the password of another local
user with the unix_chkpwd command. A patch that was applied to add SELinux
functionality makes it possible for a local user to use brute-force
password guessing techniques against other local user accounts. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2005-2977 to
this issue.
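
A simplified model of the missing requesting-user check described above, as an added example; it is not PAM's unix_chkpwd source or the backported patch. The account table, the function names and the selinux_enabled parameter are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample accounts; names and uids are hypothetical. */
struct account { const char *name; uid_t uid; };
static const struct account accounts[] = {
    { "root", 0 }, { "alice", 500 }, { "bob", 501 }, { "carol", 502 } };
#define N_ACCOUNTS (sizeof accounts / sizeof accounts[0])

static const struct account *find_account(const char *name) {
    for (size_t i = 0; i < N_ACCOUNTS; i++)
        if (strcmp(accounts[i].name, name) == 0)
            return &accounts[i];
    return NULL;
}

/* Weak form: the requesting-user check is skipped when SELinux is enabled,
 * the behaviour the advisory describes. Returns 1 = allow, 0 = deny. */
int check_weak(uid_t caller, const char *target, int selinux_enabled) {
    const struct account *a = find_account(target);
    /* With SELinux on, the caller's identity is never examined. */
    return a != NULL && (selinux_enabled || caller == 0 || caller == a->uid);
}

/* Hardened form: a non-root caller may only check its own account,
 * whatever the SELinux state. */
int check_strict(uid_t caller, const char *target, int selinux_enabled) {
    const struct account *a = find_account(target);
    (void)selinux_enabled;              /* must not relax the check */
    return a != NULL && (caller == 0 || caller == a->uid);
}

/* Count the other accounts a caller is allowed to request a check for. */
size_t exposed_accounts(uid_t caller, int selinux_enabled,
                        int (*check)(uid_t, const char *, int)) {
    size_t n = 0;
    for (size_t i = 0; i < N_ACCOUNTS; i++)
        if (accounts[i].uid != caller &&
            check(caller, accounts[i].name, selinux_enabled))
            n++;
    return n;
}

int main(void) {
    printf("weak, SELinux on:   %zu\n", exposed_accounts(500, 1, check_weak));
    printf("strict, SELinux on: %zu\n", exposed_accounts(500, 1, check_strict));
    return 0;
}
```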

All users of pam should upgrade to this updated package, which contains
backported patches to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Every file listed below is outdated by RHBA-2010:0512.

Red Hat Desktop (v. 4)

SRPMS:
pam-0.77-66.13.src.rpm

IA-32:
pam-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.i386.rpm

x86_64:
pam-0.77-66.13.i386.rpm
pam-0.77-66.13.x86_64.rpm
pam-devel-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
pam-0.77-66.13.src.rpm

IA-32:
pam-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.i386.rpm

IA-64:
pam-0.77-66.13.i386.rpm
pam-0.77-66.13.ia64.rpm
pam-devel-0.77-66.13.ia64.rpm

PPC:
pam-0.77-66.13.ppc.rpm
pam-0.77-66.13.ppc64.rpm
pam-devel-0.77-66.13.ppc.rpm
pam-devel-0.77-66.13.ppc64.rpm

s390:
pam-0.77-66.13.s390.rpm
pam-devel-0.77-66.13.s390.rpm

s390x:
pam-0.77-66.13.s390.rpm
pam-0.77-66.13.s390x.rpm
pam-devel-0.77-66.13.s390.rpm
pam-devel-0.77-66.13.s390x.rpm

x86_64:
pam-0.77-66.13.i386.rpm
pam-0.77-66.13.x86_64.rpm
pam-devel-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
pam-0.77-66.13.src.rpm

IA-32:
pam-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.i386.rpm

IA-64:
pam-0.77-66.13.i386.rpm
pam-0.77-66.13.ia64.rpm
pam-devel-0.77-66.13.ia64.rpm

x86_64:
pam-0.77-66.13.i386.rpm
pam-0.77-66.13.x86_64.rpm
pam-devel-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
pam-0.77-66.13.src.rpm

IA-32:
pam-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.i386.rpm

IA-64:
pam-0.77-66.13.i386.rpm
pam-0.77-66.13.ia64.rpm
pam-devel-0.77-66.13.ia64.rpm

x86_64:
pam-0.77-66.13.i386.rpm
pam-0.77-66.13.x86_64.rpm
pam-devel-0.77-66.13.i386.rpm
pam-devel-0.77-66.13.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

168181 - CVE-2005-2977 unix_chkpwd helper doesn't verify requesting user if SELinux is enabled


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/