Ubuntu 959-2: PAM vulnerability

    Date25 Oct 2010
    CategoryUbuntu
    60
    Posted ByLinuxSecurity Advisories
    USN-959-1 fixed vulnerabilities in PAM. This update provides thecorresponding updates for Ubuntu 10.10.
    ===========================================================
    Ubuntu Security Notice USN-959-2           October 25, 2010
    pam vulnerability
    CVE-2010-0832
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.10:
      libpam-modules                  1.1.1-4ubuntu2
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    USN-959-1 fixed vulnerabilities in PAM. This update provides the
    corresponding updates for Ubuntu 10.10.
    
    Original advisory details:
    
     Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
     not correctly handle path permissions when creating user file stamps.
     A local attacker could exploit this to gain root privilieges.
    
    
    Updated packages for Ubuntu 10.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.diff.gz
          Size/MD5:   256311 70ceb0ea3e0aea771cb0ee4d20159302
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.dsc
          Size/MD5:     1636 8b0a9a5576629cdc16a07fb6221555d1
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz
          Size/MD5:  1799415 b4838d787dd9b046a4d6992e18b6ffac
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.1-4ubuntu2_all.deb
          Size/MD5:   284250 ee51d0d5117e8005bd96d365160ab8fc
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.1-4ubuntu2_all.deb
          Size/MD5:    85274 65b297ca5b321eef1b76c05b7e15da01
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_amd64.deb
          Size/MD5:    56638 2058636a296f011ee82fb1085bcf98a0
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_amd64.deb
          Size/MD5:   347314 d5f3e4cf08b35bf1c4772d0e17df9787
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_amd64.deb
          Size/MD5:   158630 5b55c802a6e55ad7de7dca34853cadf5
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_amd64.deb
          Size/MD5:    94660 a3f147932dc1c9dc7c0fff522bc7f7cd
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_i386.deb
          Size/MD5:    56300 6ebc733abee6253e70f7862b8c8deead
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_i386.deb
          Size/MD5:   323066 799c517fe7928f1afbf2b440c87e23c3
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_i386.deb
          Size/MD5:   152140 5fef5190dfed92ca9c30e11723d7dd09
        http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_i386.deb
          Size/MD5:    91718 498d37554ea0e6327aa91c6a7fb7e2ca
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-4ubuntu2_powerpc.deb
          Size/MD5:    56864 c4a0ce26fa71db14be87e8bd72a0b993
        http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-4ubuntu2_powerpc.deb
          Size/MD5:   343926 d00027f03fa3506e2c7433da8bf60e3a
        http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-4ubuntu2_powerpc.deb
          Size/MD5:   157816 654f538026e76baea9b670d323eb9680
        http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_powerpc.deb
          Size/MD5:    95076 7056a91e001172a2e143b138c7bf60d2
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.