Message-ID: <20100707223825.GP828@outflux.net>
Date: Wed, 7 Jul 2010 15:38:25 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-959-1] PAM vulnerability

===========================================================
Ubuntu Security Notice USN-959-1              July 07, 2010
pam vulnerability
CVE-2010-0832
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libpam-modules                  1.1.0-2ubuntu1.1

Ubuntu 10.04 LTS:
  libpam-modules                  1.1.1-2ubuntu5

In general, a standard system update will make all the necessary changes.

Details follow:

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
not correctly handle path permissions when creating user file stamps.
A local attacker could exploit this to gain root privileges.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.diff.gz
      Size/MD5:   260774 2ec56b644febfb1fd3c3a5f2a2361130
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.dsc
      Size/MD5:     1648 dac6d17eabee6953c017c62185414d16
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0.orig.tar.gz
      Size/MD5:  1739305 004ea633a4bd4d059e68f75b9fab4d35

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.0-2ubuntu1.1_all.deb
      Size/MD5:   315856 28aedc3f904e50b54c9a2d7d5f691484
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.0-2ubuntu1.1_all.deb
      Size/MD5:   114826 b9d20a67aafade65b6af0cac023bdac7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_amd64.deb
      Size/MD5:    84582 2722dd440bceb99682dc3429d6c66ab9
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_amd64.deb
      Size/MD5:   381616 bc4b2d752054b26571b1551ee8fc3c24
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_amd64.deb
      Size/MD5:   191018 7be9e071f3636b80ca52373a635e017b
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_amd64.deb
      Size/MD5:   127220 a8e5f4206fa6f65d77e55fdbea03e5df

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_i386.deb
      Size/MD5:    84230 fab89a299667ee0f37191662d1ec91b7
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_i386.deb
      Size/MD5:   359888 243b7cd25c68b7bf7f497279af2260f0
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_i386.deb
      Size/MD5:   188554 c5d5ae6cc4f1a773cc957e87b72cf417
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_i386.deb
      Size/MD5:   124250 d896c2a0b882135b34bae661a25c829f

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_lpia.deb
      Size/MD5:    84148 229e72e88d8c525ebac2d4d2086d8f8f
    http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_lpia.deb
      Size/MD5:   358290 bf7479c4b8e9dded50c713f8c179cda9
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_lpia.deb
      Size/MD5:   187374 77a5308ea618047fba8e371e33db7852
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_lpia.deb
      Size/MD5:   123886 3edf4fe8d51c3def26eae4d5b54a3c47

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_powerpc.deb
      Size/MD5:    84792 8012d58474360ba290b418796f53b3dd
    http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_powerpc.deb
      Size/MD5:   380980 e7b4f667271876091017a8e5c8fb6570
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_powerpc.deb
      Size/MD5:   188930 ea33722bea5e4304e968093b70396df9
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_powerpc.deb
      Size/MD5:   127514 eb35897557798d4dc9a3394989441400

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_sparc.deb
      Size/MD5:    84546 4579c413e373c930c15b1feea43f27c0
    http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_sparc.deb
      Size/MD5:   366918 ef7abe3044905be705692b7a09243dcd
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_sparc.deb
      Size/MD5:   187018 e324318f10dd0c96fdc97cca1cbdeb07
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_sparc.deb
      Size/MD5:   122882 b15ad14b406b6621e164a0bb237fa3ef

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.diff.gz
      Size/MD5:   238745 f085e37315451c2778ceeacad60966bf
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.dsc
      Size/MD5:     1636 1dfddb112a8f417c2b0fa62fa0d52744
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz
      Size/MD5:  1799415 b4838d787dd9b046a4d6992e18b6ffac

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.1-2ubuntu5_all.deb
      Size/MD5:   314838 1cd62135ea43c9dedbb16f3c1da2c49d
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.1-2ubuntu5_all.deb
      Size/MD5:   114802 e7abc7b52d847295555242288273f767

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_amd64.deb
      Size/MD5:    87274 c29e21faec36bcaebe35a48e080d79f5
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_amd64.deb
      Size/MD5:   379988 198a067f524a4bb16ca9439f86391d71
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_amd64.deb
      Size/MD5:   188710 ba81edf6c2392b055f4733f726bbaa7f
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_amd64.deb
      Size/MD5:   126120 41fd43e5ee4d80e61fcb6559e3199a00

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_i386.deb
      Size/MD5:    86994 49edae786255f9b096fe4145a7d23ff7
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_i386.deb
      Size/MD5:   358148 5e2b29f58356c82f5090554f5df912ae
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_i386.deb
      Size/MD5:   183276 64fa5b3e4ca8f5d30c92cd6425eb3cb0
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_i386.deb
      Size/MD5:   122720 70647b5716631abde54544e61efb9aea

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_powerpc.deb
      Size/MD5:    87594 87844d3898231769e9db4aee0d454d71
    http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_powerpc.deb
      Size/MD5:   379036 b5370dea49eba34b4fc564be97b305c4
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_powerpc.deb
      Size/MD5:   188712 00d91db20163f7a768aaeff1cbcbe539
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_powerpc.deb
      Size/MD5:   126382 f0ec306eaa945316851d59d8b579c28f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_sparc.deb
      Size/MD5:    87312 bf47bb8c5a9ce02f8d606b7021def8f7
    http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_sparc.deb
      Size/MD5:   372130 d78496ad4c242c89d8c7d0b62cd540c5
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_sparc.deb
      Size/MD5:   184682 dc7bd434195b4707e75ef9716d751f0f
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_sparc.deb
      Size/MD5:   122362 e2b1204eca46b0b6eab017c46a718c9a

