Bug 578168 (CVE-2010-1151)

Summary: CVE-2010-1151 mod_auth_shadow: bad wait(2) call causes randomized authorization behaviour
Product: [Other] Security Response Reporter: John Sullivan <jsrhbz>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bressers, jlieskov, jreznik, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-22 06:57:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 580901    
Bug Blocks:    

Comment 1 Jan Lieskovsky 2010-04-08 11:47:32 UTC 
This is CVE-2010-1151.
Comment 2 Jan Lieskovsky 2010-04-08 13:10:48 UTC 
A race condition was found in the way mod_auth_shadow
used an external helper binary to validate user credentials
(username / password pairs). A remote attacker could use this flaw
to bypass intended access restrictions, resulting in ability
to view and potentially alter resources, which should be otherwise
protected by authentication.

Acknowledgements:

Red Hat would like to thank John Sullivan for responsibly
reporting this flaw.
Comment 5 Fedora Update System 2010-04-09 13:24:50 UTC 
mod_auth_shadow-2.2-8.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc13
Comment 6 Fedora Update System 2010-04-09 13:25:18 UTC 
mod_auth_shadow-2.2-8.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc12
Comment 7 Fedora Update System 2010-04-09 13:26:28 UTC 
mod_auth_shadow-2.2-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc11
Comment 8 Fedora Update System 2010-04-09 14:09:59 UTC 
mod_auth_shadow-2.2-4.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-4.el4
Comment 9 Fedora Update System 2010-04-09 14:11:28 UTC 
mod_auth_shadow-2.2-5.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-5.el5
Comment 10 Fedora Update System 2010-05-13 19:25:45 UTC 
mod_auth_shadow-2.2-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2010-05-13 19:28:05 UTC 
mod_auth_shadow-2.2-8.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2010-05-14 01:07:30 UTC 
mod_auth_shadow-2.2-4.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2010-05-14 01:07:58 UTC 
mod_auth_shadow-2.2-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2010-05-28 17:55:31 UTC 
mod_auth_shadow-2.2-8.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.