|
|
|
|
Linux-PAM User Name Spoofing Vulnerability
|
|
Secunia Advisory:
|
SA9057
|
|
|
Release Date:
|
2003-06-17
|
|
Popularity:
|
13,621 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Astaro Security Linux 2.x
Astaro Security Linux 3.x
Cobalt Linux 6
Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8
Conectiva Linux 9
Debian GNU/Linux 2.x
Debian GNU/Linux 3.0
Debian GNU/Linux unstable alias sid
EnGarde Secure Community 1.x
Gentoo Linux 1.x
Mandrake Linux 7.x
Mandrake Linux 8.x
Mandrake Linux 9.x
OpenLinux Server 3.x
OpenLinux Workstation 3.x
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux WS 2.1
RedHat Linux 6.2
RedHat Linux 7.0
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux 8.0
RedHat Linux 9
RedHat Linux Advanced Server 2.1 for Itanium
RedHat Linux Advanced Workstation 2.1 for Itanium
Slackware Linux 8.x
Slackware Linux 9.0
Sun Linux 5.x
SuSE Linux 7.x
SuSE Linux 8.x
SuSE Linux Connectivity Server
SuSE Linux Database Server
SuSE Linux Enterprise Server 7
SuSE Linux Enterprise Server 8
SuSE Linux Firewall on CD/Admin host
SuSE Linux Office Server
Trustix Linux 1.0
Trustix Linux 1.1
Trustix Linux 1.2
Trustix Linux 1.5
|
| | Software: | Linux-PAM 0.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2003-0388
|
|
Description:
A vulnerability has been identified in Linux-PAM, which allows malicious, local users to escalate their privileges.
The problem exists if PAM has been configured with "pam_wheel" to allow trusted users to become root without supplying the root password. Furthermore, the "trust" option has to be enabled and the "use_uid" option disabled.
Creating a "link" to the "tty" of a wheel user and starting "bash" so that it reads this "tty" allows malicious users to bypass the verification and escalate their privileges.
Solution:
Reportedly, a patch has been released, which ensures better verification of the user.
We strongly recommend that you activate "use_uid" and only use "pam_wheel" if it is required.
We are not aware of Linux distributions, which are vulnerable by default.
Provided and/or discovered by:
Discovered by Karol Wiesek
Published by iDEFENSE
Original Advisory:
http://www.idefense.com/advisory/06.16.03.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
2nd Dec, 2008
|
New advisories:
|
14 |
|
New vulnerabilities:
|
21 |
|
Updated advisories:
|
26 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
