- Vulnerability/
- RHSA-2010:0891
RHSA-2010:0891: Moderate: pam security update
First published: Tue Nov 16 2010(Updated: )
Pluggable Authentication Modules (PAM) provide a system whereby<br>administrators can set up authentication policies without having to<br>recompile programs that handle authentication.<br>It was discovered that the pam_namespace module executed the external<br>script namespace.init with an unchanged environment inherited from an<br>application calling PAM. In cases where such an environment was untrusted<br>(for example, when pam_namespace was configured for setuid applications<br>such as su or sudo), a local, unprivileged user could possibly use this<br>flaw to escalate their privileges. (CVE-2010-3853)<br>It was discovered that the pam_env and pam_mail modules used root<br>privileges while accessing user's files. A local, unprivileged user could<br>use this flaw to obtain information, from the lines that have the KEY=VALUE<br>format expected by pam_env, from an arbitrary file. Also, in certain<br>configurations, a local, unprivileged user using a service for which the<br>pam_mail module was configured for, could use this flaw to obtain limited<br>information about files or directories that they do not have access to.<br>(CVE-2010-3435)<br>Note: As part of the fix for CVE-2010-3435, this update changes the default<br>value of pam_env's configuration option user_readenv to 0, causing the<br>module to not read user's ~/.pam_environment configuration file by default,<br>as reading it may introduce unexpected changes to the environment of the<br>service using PAM, or PAM modules consulted after pam_env.<br>It was discovered that the pam_xauth module did not verify the return<br>values of the setuid() and setgid() system calls. A local, unprivileged<br>user could use this flaw to execute the xauth command with root privileges<br>and make it read an arbitrary input file. (CVE-2010-3316)<br>Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for<br>reporting the CVE-2010-3435 issue.<br>All pam users should upgrade to these updated packages, which contain<br>backported patches to correct these issues.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/pam | <1.1.1-4.el6_0.1 | 1.1.1-4.el6_0.1 |
| redhat/pam | <1.1.1-4.el6_0.1 | 1.1.1-4.el6_0.1 |
| redhat/pam-debuginfo | <1.1.1-4.el6_0.1 | 1.1.1-4.el6_0.1 |
| redhat/pam-debuginfo | <1.1.1-4.el6_0.1 | 1.1.1-4.el6_0.1 |
| redhat/pam-devel | <1.1.1-4.el6_0.1 | 1.1.1-4.el6_0.1 |
| redhat/pam-devel | <1.1.1-4.el6_0.1 | 1.1.1-4.el6_0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2010:0891?
The severity of RHSA-2010:0891 is considered moderate.
How do I fix RHSA-2010:0891?
To fix RHSA-2010:0891, you should update the pam package to version 1.1.1-4.el6_0.1 or later.
Which software is affected by RHSA-2010:0891?
RHSA-2010:0891 affects the pam, pam-debuginfo, and pam-devel packages on Red Hat Enterprise Linux 6.
Is there a workaround for RHSA-2010:0891?
Currently, there are no recommended workarounds for RHSA-2010:0891 other than applying the available update.
What is the impact of RHSA-2010:0891 on system security?
The impact of RHSA-2010:0891 can lead to potential security risks due to the execution of an external script in the authentication process.
- collector/redhat-errata
- anchor-id/RHSA-2010:0891
- agent/references
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- package-manager/redhat