oss-security September 2010 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] Minor security flaw with pam_xa

Re: [oss-security] Minor security flaw with pam_xauth

From: Josh Bressers <bressers_at_nospam>
Date: Mon Sep 27 2010 - 20:18:55 GMT
To: oss-security@lists.openwall.com

----- "Solar Designer" <solar@openwall.com> wrote:

Thank you for doing this, it's most apprecited.

>
> pam_xauth missing return value checks from setuid() and similar calls,
> fixed in Linux-PAM 1.1.2 - CVE-2010-3316
>
> pam_env and pam_mail accessing the target user's files as root (and thus
> susceptible to attacks by the user) in Linux-PAM below 1.1.2, partially
> fixed in 1.1.2 - no CVE ID mentioned yet

Use CVE-2010-3435 for this one.

>
> pam_env and pam_mail in Linux-PAM 1.1.2 not switching fsgid (or egid) and
> groups when accessing the target user's files (and thus potentially
> susceptible to attacks by the user) - CVE-2010-3430
>
> pam_env and pam_mail in Linux-PAM 1.1.2 not checking whether the
> setfsuid() calls succeed (no known impact with current Linux kernels, but
> poor practice in general) - CVE-2010-3431
>
> Now, in case someone fixes CVE-2010-3430 but fails to add return value
> checks for the added calls, we'll need yet another CVE ID for the partial
> fix... but I hope this won't happen.
>

Let's hope not. I guess if they do, they can request a new ID.

Thanks.

-- JB