Rapid7 Vulnerability & Exploit Database

RHSA-2003:035: Updated PAM packages fix bug in pam_xauth module

Severity: 7
CVSS (v2 vector): (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/19/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated PAM packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. These packages correct a bug in pam_xauth's handling of authorization data for the root user. [Updated 16 April 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

The pam_xauth module forwards xauth information (the cookies that authorize clients to connect to an X display) from one user to another in applications such as su, so that programs started after su can still open windows on the invoker's display. Andreas Beck discovered that the versions of pam_xauth shipped with Red Hat Linux since 7.1 applied this to root as well, forwarding the root account's authorization data to unprivileged users. A local attacker who obtains root's cookie this way can connect to the administrator's X display and so gain access to the administrator's X session. Exploitation requires the administrator, as root, to su into the account belonging to the attacker; pam_xauth then copies root's cookie into that account, where the attacker can read it. Users of pam_xauth are advised to upgrade to these errata packages. The included patch adds per-user ACL (access control list) functionality to pam_xauth and disallows forwarding from root by default, so after the upgrade root's credentials reach another account only when root explicitly permits it in the ACL. Versions of pam_xauth included in Red Hat Linux 7 and earlier already disabled passing credentials from the root account to unprivileged users by default and are not affected by this issue. Thanks to Andreas Beck for reporting this issue.
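A model of the forwarding decision described above, added here as an example; it is not code from the advisory, from Rapid7 or from the Linux-PAM sources. It contrasts the pre-fix rule (root's cookie is copied into whatever account root su's into) with the per-user ACL the errata packages add. The ACL file names ~/.xauth/export and ~/.xauth/import and their default semantics are assumptions taken from the pam_xauth(8) manual for the fixed module; the helper names and the constructed home directories are the example's own. On a real host the last helper would be pointed at /etc/pam.d to see which services forward cookies at all.

```shell
#!/bin/sh
# Added example, not code from the advisory or from the Linux-PAM project:
# a model of the per-user export/import ACL that the patched pam_xauth
# consults before copying an xauth cookie from the user running su to the
# target user, next to the unconditional pre-fix behaviour.
#
# Assumptions (taken from pam_xauth(8) as documented for the fixed module):
#   - ~/.xauth/export lists users to whom this user's cookie may be forwarded,
#     one name per line, '*' meaning anyone.
#   - ~/.xauth/import lists users from whom this user accepts cookies.
#   - A missing export file means "forward to anyone" for an ordinary user
#     and "forward to nobody" for root; a missing import file means "accept
#     from anyone".
# Home directories are passed explicitly so the logic can be exercised against
# constructed directories rather than real accounts.

# acl_allows ACLFILE PEER DEFAULT
#   Succeeds when PEER (or '*') is listed in ACLFILE, or when ACLFILE is
#   absent and DEFAULT is "allow". Blank lines and '#' comments are ignored.
acl_allows() {
    aclfile=$1; peer=$2; default=$3
    if [ ! -f "$aclfile" ]; then
        if [ "$default" = allow ]; then return 0; else return 1; fi
    fi
    while IFS= read -r entry || [ -n "$entry" ]; do
        case "$entry" in
            ''|'#'*) continue ;;
        esac
        if [ "$entry" = "$peer" ] || [ "$entry" = '*' ]; then
            return 0
        fi
    done < "$aclfile"
    return 1
}

# forward_allowed SRC SRC_HOME DST DST_HOME [fixed|pre-fix]
#   Decide whether SRC's xauth cookie may be copied into DST's account.
#   "pre-fix" reproduces the Red Hat Linux 7.1-8.0 behaviour the advisory
#   describes: no ACL at all, so root's cookie goes to any su target.
forward_allowed() {
    src=$1; src_home=$2; dst=$3; dst_home=$4; mode=${5:-fixed}
    if [ "$mode" = pre-fix ]; then
        return 0
    fi
    # Export side: root forwards to nobody unless its export file lists DST.
    if [ "$src" = root ]; then export_default=deny; else export_default=allow; fi
    acl_allows "$src_home/.xauth/export" "$dst" "$export_default" || return 1
    # Import side: DST accepts from anyone unless its import file restricts it.
    acl_allows "$dst_home/.xauth/import" "$src" allow
}

# services_using_xauth PAMDIR
#   Print the names of PAM service files under PAMDIR (/etc/pam.d on a real
#   system) that load pam_xauth.so, i.e. the programs that forward cookies.
services_using_xauth() {
    grep -ls 'pam_xauth\.so' "$1"/* | while IFS= read -r f; do
        basename "$f"
    done
}

# Stand-alone demonstration on constructed (temporary) home directories.
demo_root=$(mktemp -d); demo_att=$(mktemp -d)
printf 'root -> attacker, pre-fix:                         '
if forward_allowed root "$demo_root" attacker "$demo_att" pre-fix; then echo forwarded; else echo refused; fi
printf 'root -> attacker, fixed, no export file:           '
if forward_allowed root "$demo_root" attacker "$demo_att"; then echo forwarded; else echo refused; fi
mkdir -p "$demo_root/.xauth"; printf 'attacker\n' > "$demo_root/.xauth/export"
printf 'root -> attacker, fixed, root exports to attacker: '
if forward_allowed root "$demo_root" attacker "$demo_att"; then echo forwarded; else echo refused; fi
rm -rf "$demo_root" "$demo_att"
```

In this model the export ACL is checked on the forwarding side first, so an administrator who still wants X clients to work after su to an unprivileged account has to list that account in root's ~/.xauth/export; nothing the receiving account puts in its own import file can widen what root refuses to export.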

Solution(s)

  • redhat-upgrade-pam
  • redhat-upgrade-pam-devel
