Common Vulnerabilities and Exposures assigned the identifier CVE-2010-4707 to
the following vulnerability:

The check_acl function in pam_xauth.c in the pam_xauth module in
Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain
ACL file is a regular file, which might allow local users to cause a
denial of service (resource consumption) via a special file.

This issue affects the version of the pam package, as shipped
with Red Hat Enterprise Linux 4.

This issue does NOT affect the versions of the pam package,
as shipped with Red Hat Enterprise Linux 5 and 6. Relevant
pam package versions were already updated:
1, for Red Hat Enterprise Linux 5 via:
2, for Red Hat Enterprise Linux 6 via:

This issue does NOT affect the versions of the pam package, as shipped
with Fedora releases 13 and 14. Relevant pam package versions were
1, for Fedora-13 the version which contains the patch for this issue is:
2, for Fedora-14 the version which contains the patch for this issue is:
I'm not sure why the CVE description mentions resource consumption DoS here. It seems the main concern is that some service using pam_xauth may block on read if the user replaces their ACL file with e.g. a pipe. The pam_xauth module is only used with local applications used to switch or elevate privileges (su, system-config-* GUI configuration utilities), so the local user can block certain apps (su, consolehelper) running with different privileges. However, this can only happen if the user is allowed to run those applications (commands run via su, or system-config-*) with changed privileges, which is likely to require more resources than a small suid helper blocked on read. So the security impact is limited.
The Red Hat Security Response Team has rated this issue as having low security impact. This issue was addressed in the PAM packages in Red Hat Enterprise Linux 5 via RHSA-2010:0819 and in Red Hat Enterprise Linux 6 via RHSA-2010:0891. A future update may correct this issue in the PAM packages in Red Hat Enterprise Linux 4.
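
The check the CVE description says is missing, sketched as an added C example (not the Linux-PAM patch and not code from this report): open the user-controlled file without blocking, then confirm on the descriptor that it is a regular file before reading it. `open_regular_acl` and `demo_acl_accepted` are hypothetical names, and the FIFO and file under `/tmp` are constructed fixtures.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a Linux-PAM function): fd, or -1 with errno set. */
int open_regular_acl(const char *path)
{
    struct stat st;
    /* O_NONBLOCK makes open() on a FIFO with no writer return at once
     * instead of blocking; it does not change reads of regular files. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor rather than the path, so the object checked
     * is the object that will be read (no stat/open race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed fixture: creates a FIFO or an empty regular file in a fresh
 * temp dir; returns 1 if accepted, 0 if rejected, -1 on setup error. */
int demo_acl_accepted(int use_fifo)
{
    char dir[] = "/tmp/acl-demo-XXXXXX", path[64];
    int fd, rc, accepted;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/acl", dir);
    if (use_fifo)
        rc = mkfifo(path, 0600);
    else
        rc = ((fd = creat(path, 0600)) < 0) ? -1 : close(fd);
    fd = (rc == 0) ? open_regular_acl(path) : -1;
    accepted = (fd >= 0);
    if (accepted)
        close(fd);
    unlink(path);
    rmdir(dir);
    return (rc == 0) ? accepted : -1;
}
```

A plain blocking `open()` or `fopen()` on the same FIFO would not return until a writer appeared, which is the blocked-helper behaviour described in the comment above.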