Message-ID: <20100707223825.GP828@outflux.net>
Date: Wed, 7 Jul 2010 15:38:25 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-959-1] PAM vulnerability
===========================================================
Ubuntu Security Notice USN-959-1 July 07, 2010
pam vulnerability
CVE-2010-0832
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libpam-modules                  1.1.0-2ubuntu1.1

Ubuntu 10.04 LTS:
  libpam-modules                  1.1.1-2ubuntu5

In general, a standard system update will make all the necessary changes.

Details follow:

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
not correctly handle path permissions when creating user file stamps.
A local attacker could exploit this to gain root privileges.