====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: lspp-eal4-config-ibm and capp-lspp-eal4-config-hp security update
Advisory ID:       RHSA-2008:0193-02
Product:           Red Hat Enterprise Linux
Advisory URL:
Issue date:        2008-04-01
CVE Names:         CVE-2008-0884
====================================================================

1. Summary:

Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Description:

The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain utilities and documentation for configuring a machine for the Controlled Access Protection Profile, or the Labeled Security Protection Profile.

It was discovered that use of the "capp-lspp-config" script results in the "/etc/pam.d/system-auth" file being set to world-writable. Authorized local users who have limited privileges could then exploit this to gain additional access, or to escalate their privileges. (CVE-2008-0884)

This issue only affects users who have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script.

New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp packages are advised to upgrade to these updated packages, which resolve this issue.

For systems already deployed, the following command can be run as root to restore the permissions to a secure setting:

    chmod 0644 /etc/pam.d/system-auth

3. Solution:

This update is available via the Red Hat FTP site.

4. Bugs fixed (http://bugzilla.redhat.com/):

435442 - CVE-2008-0884 system-auth-ac is world-writable

5. References:

https://www.cve.org/CVERecord?id=CVE-2008-0884
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

LinuxSecurity.com Team
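For already-deployed systems, the permission check can be scripted before and after the chmod above. The following is an added example, not part of the Red Hat advisory; the function names are hypothetical. It assumes GNU find, stat and readlink, and that system-auth is a symlink to system-auth-ac (the file named in the bug title), as is usual on RHEL.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a PAM configuration
# directory for the world-writable condition described in CVE-2008-0884.
# Function names are hypothetical; GNU find/stat/readlink are assumed.

# Print one line per file under $1 (default /etc/pam.d) that is writable
# by "other". Symlinks are followed (-L), so a link such as system-auth
# is judged by the mode of the file it points to (e.g. system-auth-ac).
pam_world_writable() {
    dir=${1:-/etc/pam.d}
    find -L "$dir" -type f -perm -0002 2>/dev/null | sort |
    while IFS= read -r f; do
        mode=$(stat -L -c '%a' "$f")
        if [ -L "$f" ]; then
            # Show where the link resolves so the real file is visible.
            printf '%s -> %s mode=%s\n' "$f" "$(readlink -f "$f")" "$mode"
        else
            printf '%s mode=%s\n' "$f" "$mode"
        fi
    done
}

# Return 0 when nothing is world-writable; otherwise print the findings
# to stderr and return 1, so the check can gate a compliance job.
pam_audit() {
    findings=$(pam_world_writable "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}
```

Run `pam_audit /etc/pam.d` as root; a non-zero status means the chmod from the advisory has not yet been applied to every affected file.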