pam-0.99.6.2-6.2.0.1.AXS3
Errata ID: AXSA:2010-484:02
Release date:
2010/11/05 Friday - 20:40
Title:
pam-0.99.6.2-6.2.0.1.AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
Moderate
Description:
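The following issues have been addressed.
[Security Fix]
- Information on CVE-2010-3316, CVE-2010-3435, and CVE-2010-3853 has not been published at this time.
This information will be updated as soon as the CVE details are published.
Some of the translated CVE text is quoted from JVN.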
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2010-3316
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
CVE-2010-3435
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.
CVE-2010-3853
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
Additional information:
N/A
Downloads:
SRPMS
- pam-0.99.6.2-6.2.0.1.AXS3.src.rpm
MD5: 184b372618cb5a39e31f20f5e9138f85
SHA-256: 6a61853c1b48d33b15aa05aa686ab207a96f1293500a765bf18dc3fb8a0f205e
Size: 6.88 MB
Asianux Server 3 for x86
- pam-0.99.6.2-6.2.0.1.AXS3.i386.rpm
MD5: f9adaafe16479ffc5d8f48d85ce2e561
SHA-256: 3cdfe8eb9bbc2bd8cfa23a88ed3ca780a905e075dbf7345ed5b1422036f520c9
Size: 0.96 MB
- pam-devel-0.99.6.2-6.2.0.1.AXS3.i386.rpm
MD5: deb15c559c07e4992b584b15f48b20cf
SHA-256: b5ad5a0ba9e9109494bbf83f912e3b3486415694957afc653022ff4aa60cd47b
Size: 190.23 kB
Asianux Server 3 for x86_64
- pam-0.99.6.2-6.2.0.1.AXS3.x86_64.rpm
MD5: c54e4fcfa89d0569d6aa824cfd514e17
SHA-256: 02f5e1e4ae423f9f49c0cc89610a57a0cfd96356bfca7999a29382ad778362d5
Size: 0.96 MB
- pam-devel-0.99.6.2-6.2.0.1.AXS3.x86_64.rpm
MD5: 1f1504217384ef6b6cad9899c2b45933
SHA-256: 1e66395f7471f3352e971e802dfc8461d8d16eeae6ef3cc467717f0f58cf6f3b
Size: 190.21 kB