Bug 672486 - (CVE-2010-4707) CVE-2010-4707 pam: pam_xauth: Does not check if certain ACL file is a regular file
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All, OS: Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
public=20101003,reported=20110124,sou...
Keywords: Security
Reported: 2011-01-25 05:06 EST by Jan Lieskovsky
Modified: 2011-08-18 15:17 EDT
Doc Type: Bug Fix
Last Closed: 2011-08-18 15:17:06 EDT


Description Jan Lieskovsky 2011-01-25 05:06:59 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4707 to
the following vulnerability:

The check_acl function in pam_xauth.c in the pam_xauth module in
Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain
ACL file is a regular file, which might allow local users to cause a
denial of service (resource consumption) via a special file.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4707
[2] http://openwall.com/lists/oss-security/2010/10/03/1
[3] http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9
Comment 1 Jan Lieskovsky 2011-01-25 05:09:13 EST
This issue affects the version of the pam package, as shipped
with Red Hat Enterprise Linux 4.

This issue does NOT affect the versions of the pam package,
as shipped with Red Hat Enterprise Linux 5 and 6. Relevant
pam package versions were already updated:
1, for Red Hat Enterprise Linux 5 via:
   RHSA-2010:0819 https://rhn.redhat.com/errata/RHSA-2010-0819.html

2, for Red Hat Enterprise Linux 6 via:
   RHSA-2010:0891 https://rhn.redhat.com/errata/RHSA-2010-0891.html

--

This issue does NOT affect the versions of the pam package, as shipped
with Fedora releases 13 and 14. Relevant pam package versions were
already updated:
1, for Fedora-13 the version which contains the patch for this issue is:
   pam-1.1.1-6.fc13
2, for Fedora-14 the version which contains the patch for this issue is:
   pam-1.1.1-6.fc14
Comment 2 Tomas Hoger 2011-02-01 06:01:54 EST
I'm not sure why the CVE description mentions resource consumption DoS here. It seems the main concern is that some service using pam_xauth may block on read if the user replaces their ACL file with e.g. a pipe. The pam_xauth module is only used with local applications used to switch or elevate privileges (su, system-config-* GUI configuration utilities), so the local user can block certain apps (su, consolehelper) running with different privileges. However, this can only happen if the user is allowed to run those applications (commands run via su, or system-config-*) with changed privileges, which is likely to require more resources than a small suid helper blocked on read. So the security impact is limited.

Statement:

The Red Hat Security Response Team has rated this issue as having low security impact. This issue was addressed in the PAM packages in Red Hat Enterprise Linux 5 via RHSA-2010:0819 and in Red Hat Enterprise Linux 6 via RHSA-2010:0891. A future update may correct this issue in the PAM packages in Red Hat Enterprise Linux 4.
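
The missing check described in this bug, sketched as an added example (this is not the upstream Linux-PAM patch or pam_xauth's own code): `open_regular_acl` is a hypothetical helper that refuses anything other than a regular file and cannot block on a FIFO while opening it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not pam_xauth's check_acl(): open a user-controlled
 * ACL file for reading only if it is a regular file.
 * Returns a FILE* on success, or NULL with errno set. */
FILE *open_regular_acl(const char *path)
{
    struct stat st;
    FILE *fp;
    int saved;

    /* O_NONBLOCK: opening a FIFO that has no writer returns immediately
     * instead of hanging the privileged caller.
     * O_NOCTTY: a terminal device never becomes the controlling tty. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd == -1)
        return NULL;

    /* fstat() the descriptor rather than stat() the path, so the object
     * that is checked is the same object that is later read. */
    if (fstat(fd, &st) == -1) {
        saved = errno;
        close(fd);
        errno = saved;
        return NULL;
    }
    if (!S_ISREG(st.st_mode)) {   /* FIFO, device, directory, socket */
        close(fd);
        errno = EINVAL;
        return NULL;
    }

    fp = fdopen(fd, "r");
    if (fp == NULL) {
        saved = errno;
        close(fd);
        errno = saved;
    }
    return fp;
}
```

A caller would treat a NULL return with `EINVAL` as a configuration error to log, and handle `ENOENT` separately as "no ACL file present".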
