lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20101025180936.GL980@outflux.net>
Date: Mon, 25 Oct 2010 11:09:36 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-959-2] PAM vulnerability

===========================================================
Ubuntu Security Notice USN-959-2           October 25, 2010
pam vulnerability
CVE-2010-0832
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  libpam-modules                  1.1.1-4ubuntu2

In general, a standard system update will make all the necessary changes.

Details follow:

USN-959-1 fixed vulnerabilities in PAM. This update provides the
corresponding updates for Ubuntu 10.10.

Original advisory details:

 Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
 not correctly handle path permissions when creating user file stamps.
 A local attacker could exploit this to gain root privilieges.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.diff.gz
      Size/MD5:   256311 70ceb0ea3e0aea771cb0ee4d20159302
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.dsc
      Size/MD5:     1636 8b0a9a5576629cdc16a07fb6221555d1
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz
      Size/MD5:  1799415 b4838d787dd9b046a4d6992e18b6ffac

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.1-4ubuntu2_all.deb
      Size/MD5:   284250 ee51d0d5117e8005bd96d365160ab8fc
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.1-4ubuntu2_all.deb
      Size/MD5:    85274 65b297ca5b321eef1b76c05b7e15da01

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:    56638 2058636a296f011ee82fb1085bcf98a0
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:   347314 d5f3e4cf08b35bf1c4772d0e17df9787
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:   158630 5b55c802a6e55ad7de7dca34853cadf5
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:    94660 a3f147932dc1c9dc7c0fff522bc7f7cd

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_i386.deb
      Size/MD5:    56300 6ebc733abee6253e70f7862b8c8deead
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_i386.deb
      Size/MD5:   323066 799c517fe7928f1afbf2b440c87e23c3
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_i386.deb
      Size/MD5:   152140 5fef5190dfed92ca9c30e11723d7dd09
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_i386.deb
      Size/MD5:    91718 498d37554ea0e6327aa91c6a7fb7e2ca

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:    56864 c4a0ce26fa71db14be87e8bd72a0b993
    http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:   343926 d00027f03fa3506e2c7433da8bf60e3a
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:   157816 654f538026e76baea9b670d323eb9680
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:    95076 7056a91e001172a2e143b138c7bf60d2


Download attachment "signature.asc" of type "application/pgp-signature" (875 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ