Bug 672486 (CVE-2010-4707)
Summary: | CVE-2010-4707 pam: pam_xauth: Does not check if certain ACL file is a regular file | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bressers, tmraz, wnefal+redhatbugzilla |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-08-18 19:17:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Lieskovsky
2011-01-25 10:06:59 UTC
This issue affects the version of the pam package, as shipped with Red Hat Enterprise Linux 4. This issue does NOT affect the versions of the pam package, as shipped with Red Hat Enterprise Linux 5 and 6. Relevant pam package versions were already updated: 1, for Red Hat Enterprise Linux 5 via: RHSA-2010:0819 https://rhn.redhat.com/errata/RHSA-2010-0819.html 2, for Red Hat Enterprise Linux 6 via: RHSA-2010:0891 https://rhn.redhat.com/errata/RHSA-2010-0891.html -- This issue does NOT affect the versions of the pam package, as shipped with Fedora release of 13 and 14. Relevant pam package versions were already updated: 1, for Fedora-13 the version which contains the patch for this issue is: pam-1.1.1-6.fc13 2, for Fedora-14 the version which contains the patch for this issue is: pam-1.1.1-6.fc14 I'm not sure why CVE description mentions resource consumption DoS here. It seems the main concern is that some service using pam_xauth may block on read if user replaces their ACL file e.g. pipe. The pam_xauth module is only used with local applications used to switch or elevate privileges (su, system-config-* GUI configuration utilities), so the local user can block certain apps (su, consolehelper) running with different privileges. However, this can only happen if the user is allowed to run those applications (commands run via su, or system-config-*) with changed privileges, which is likely to require more resources than small suid helper blocked on read. So the security impact is limited. Statement: The Red Hat Security Response Team has rated this issue as having low security impact. This issue was addressed in the PAM packages in Red Hat Enterprise Linux 5 via RHSA-2010:0819 and in Red Hat Enterprise Linux 6 via RHSA-2010:0891. A future update may correct this issue in the PAM packages in Red Hat Enterprise Linux 4. |