REDHAT-BUG-641361
First published: Fri Oct 08 2010(Updated: )
The pam_mail and pam_env modules in Linux-PAM before 1.1.2 did not drop privileges before accessing users' files (<a href="https://access.redhat.com/security/cve/CVE-2010-3435">CVE-2010-3435</a>, see <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges" href="show_bug.cgi?id=641335">bug #641335</a>). Privilege dropping was added in 1.1.2, but with couple of issues pointed out by Solar Designer: <a href="http://thread.gmane.org/gmane.comp.security.oss.general/3311/focus=3534">http://thread.gmane.org/gmane.comp.security.oss.general/3311/focus=3534</a> The code fails to switch fsgid/egid and groups (<a href="https://access.redhat.com/security/cve/CVE-2010-3430">CVE-2010-3430</a>) and does not check setfsuid() return value (<a href="https://access.redhat.com/security/cve/CVE-2010-3431">CVE-2010-3431</a>). Fix using newly-introduced pam_modutil_drop_priv / pam_modutil_regain_priv was committed in upstream CVS and should be included in 1.1.3: <a href="http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=843807a3a90f52e7538be756616510730a24739a">http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=843807a3a90f52e7538be756616510730a24739a</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE PAM | <1.1.2 | |
| SUSE PAM | >1.1.2 | |
| SUSE PAM | >=1.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2010-3435
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=641335
- http://thread.gmane.org/gmane.comp.security.oss.general/3311/focus=3534
- https://access.redhat.com/security/cve/CVE-2010-3430
- https://access.redhat.com/security/cve/CVE-2010-3431
- http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=843807a3a90f52e7538be756616510730a24739a
- https://bugzilla.redhat.com/show_bug.cgi?id=641361
Frequently Asked Questions
What is the severity of REDHAT-BUG-641361?
The severity of REDHAT-BUG-641361 is classified as high due to privilege escalation risks.
How do I fix REDHAT-BUG-641361?
To fix REDHAT-BUG-641361, upgrade your Linux-PAM to version 1.1.3 or later.
What systems are affected by REDHAT-BUG-641361?
REDHAT-BUG-641361 affects all versions of Linux-PAM prior to 1.1.3.
What are the potential impacts of REDHAT-BUG-641361?
The potential impacts of REDHAT-BUG-641361 include unauthorized access to user files and potential privilege escalation.
Is there a workaround for REDHAT-BUG-641361?
A temporary workaround for REDHAT-BUG-641361 is to restrict access to the pam_mail and pam_env modules until they can be updated.
- collector/redhat-bugzilla
- alias/CVE-2010-3430
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/description
- agent/severity
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux-pam
- canonical/suse pam