REDHAT-BUG-637898
First published: Mon Sep 27 2010(Updated: )
Tim Brown reported [1] a minor security flaw in pam_xauth where the run_coprocess() function, which is responsible for running 'xauth nlist' as the existing user and 'xauth merge' as the target user does not check the return code on the setuid() call. An attacker with the ability to manipulate the number of processes running on the target account can cause RLIMIT_NPROC to be breached when run_coprocess() is called to execute 'xauth merge' as the target user. This issue was assigned the name <a href="https://access.redhat.com/security/cve/CVE-2010-3316">CVE-2010-3316</a> [2] and is corrected in Linux-PAM 1.1.2 [3]. It is not believed to be exploitable on current kernels, at least not via RLIMIT_NPROC [4]. [1] <a href="https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663">https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663</a> [2] <a href="http://www.openwall.com/lists/oss-security/2010/09/24/2">http://www.openwall.com/lists/oss-security/2010/09/24/2</a> [3] <a href="http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6">http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6</a> [4] <a href="http://www.openwall.com/lists/oss-security/2010/09/21/11">http://www.openwall.com/lists/oss-security/2010/09/21/11</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE PAM | <1.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2010-3316
- https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663
- http://www.openwall.com/lists/oss-security/2010/09/24/2
- http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
- http://www.openwall.com/lists/oss-security/2010/09/21/11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=637898#c0
- https://rhn.redhat.com/errata/RHSA-2010-0819.html
- https://rhn.redhat.com/errata/RHSA-2010-0891.html
- https://bugzilla.redhat.com/show_bug.cgi?id=637898
Frequently Asked Questions
What is the severity of REDHAT-BUG-637898?
The severity of REDHAT-BUG-637898 is considered minor.
What is the impact of the vulnerability REDHAT-BUG-637898?
REDHAT-BUG-637898 can allow an attacker to manipulate user permissions due to improper error handling in the setuid() call.
How do I fix REDHAT-BUG-637898?
To fix REDHAT-BUG-637898, update to a patched version of Linux-PAM that resolves the security flaw.
Who is affected by REDHAT-BUG-637898?
Users of Linux-PAM versions prior to 1.1.2 are affected by REDHAT-BUG-637898.
What component of PAM is implicated in REDHAT-BUG-637898?
The vulnerable component in REDHAT-BUG-637898 is the run_coprocess() function within pam_xauth.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-3316
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux-pam
- canonical/suse pam