Red Hat: RHSA-2008:0193-02 Critical: Privilege Gain Exploit

April 1, 2008
Essential patch for lspp-eal4-config-ibm and capp-lspp-eal4-config-hp aimed at mitigating privilege escalation vulnerabilities in RHEL.
Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as havin...

Solution

This update is available via the Red Hat FTP site.


Summary

The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain utilities and documentation for configuring a machine for the Controlled Access Protection Profile, or the Labeled Security Protection Profile.
It was discovered that use of the "capp-lspp-config" script results in the "/etc/pam.d/system-auth" file being set to world-writable. Authorized local users who have limited privileges could then exploit this to gain additional access, or to escalate their privileges. (CVE-2008-0884)
This issue only affects users who have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script.
New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp packages are advised to upgrade to these updated packages, which resolve this issue.
For systems already deployed, the following command can be run as root to restore the permissions to a secure setting:
chmod 0644 /etc/pam.d/system-auth
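
A check for the condition described above, as an added example that is not part of the advisory or of Red Hat's packages: it lists files under /etc/pam.d that are writable by "other", following symlinks, and can apply the 0644 mode given above. The function names are hypothetical, and the comments assume system-auth may be a symlink to the system-auth-ac file named in the bug title.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# Print every regular file under DIR that is writable by "other".
# -L follows symlinks, so a link such as system-auth -> system-auth-ac
# (assumed layout) is reported along with its target.
pam_world_writable() {
    find -L "${1:-/etc/pam.d}" -type f -perm -0002 2>/dev/null | sort
}

# Report findings with owner and mtime; if MODE is "fix", apply the
# advisory's 0644. Returns 0 when clean, 1 when anything was found.
pam_audit() {
    dir=${1:-/etc/pam.d}
    mode=${2:-report}
    list=$(pam_world_writable "$dir")
    if [ -z "$list" ]; then
        return 0
    fi
    # Show the state before any change so owner and mtime can be reviewed.
    printf '%s\n' "$list" | while IFS= read -r f; do
        ls -ldL "$f"
    done
    if [ "$mode" = fix ]; then
        printf '%s\n' "$list" | while IFS= read -r f; do
            # chmod follows symlinks and changes the target file.
            chmod 0644 "$f"
        done
    fi
    # Resetting the mode does not undo edits made while the file was
    # writable, so findings are reported as a failure even after a fix.
    return 1
}
```

Run `pam_audit /etc/pam.d` to report only, or `pam_audit /etc/pam.d fix` as root to reset the mode; a non-zero return means the listed files should have their contents reviewed.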

References

https://www.cve.org/CVERecord?id=CVE-2008-0884
https://access.redhat.com/security/updates/classification#important

Package List


Severity
important

Advisory ID: RHSA-2008:0193-02
Product: Red Hat Enterprise Linux
Advisory URL:
Issue date: 2008-04-01

Topic

Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Relevant Releases Architectures

Bugs Fixed

435442 - CVE-2008-0884 system-auth-ac is world-writable
