Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Red Hat Enterprise Linux 2.1 RHSA-2004:304-01 Critical pam Escalation

red hat
Calendar Grey August 19, 2004
Dist Redhat Esm H88
Critical update for pam module in Red Hat addresses a serious local escalation flaw allowing unauthorized superuser access.
If he pam_wheel module was used with the "trust" option enabled, but without the "use_uid" option, any local user could use PAM to gain access to a superuser account without supply...

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/


5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

98826 - CAN-2003-0388 pam_wheel uses getlogin in insecure fashion

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

5c78062a595e3443d22ca145b774cd34 pam-0.75-46.9.src.rpm

i386: 1a72acefcb8b2c7bfb875f9024ae818b pam-0.75-46.9.i386.rpm e129fb8519d309ab26d3045bd91bb2e3 pam-devel-0.75-46.9.i386.rpm

ia64: 851a5e5a7f78b4a4cbde060c62ab1e7d pam-0.75-46.9.ia64.rpm 3b23b14f7cfbcf2a73d21fd3a0b18bda pam-devel-0.75-46.9.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

5c78062a595e3443d22ca145b774cd34 pam-0.75-46.9.src.rpm

ia64: 851a5e5a7f78b4a4cbde060c62ab1e7d pam-0.75-46.9.ia64.rpm 3b23b14f7cfbcf2a73d21fd3a0b18bda pam-devel-0.75-46.9.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

5c78062a595e3443d22ca145b774cd34 pam-0.75-46.9.src.rpm

i386: 1a72acefcb8b2c7bfb875f9024ae818b pam-0.75-46.9.i386.rpm e129fb8519d309ab26d3045bd91bb2e3 pam-devel-0.75-46.9.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

5c78062a595e3443d22ca145b774cd34 pam-0.75-46.9.src.rpm

i386: 1a72acefcb8b2c7bfb875f9024ae818b pam-0.75-46.9.i386.rpm e129fb8519d309ab26d3045bd91bb2e3 pam-devel-0.75-46.9.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from


Summary

References

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2004:304-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
Keywords: pam pam_wheel pam_lastlog

Topic

Updated pam packages that fix a security vulnerability are now availablefor Red Hat Enterprise Linux 2.1.

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.