Multiple Information Leakage vulnerabilities in the Linux-PAM pam_env and pam_mail modules

Multiple Information Leakage vulnerabilities in the Linux-PAM pam_env and pam_mail modules

Release date:
Updated on:

Affected Systems:
Linux-PAM <1.1.3
Unaffected system:
Linux-PAM 1.1.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 43487
Cve id: CVE-2010-3430, CVE-2010-3431, CVE-2010-3435

The Pluggable Authentication Module (PAM) is used to authenticate users and is used in multiple Linux versions.

The pam_mail module of Linux-PAM has multiple errors when dropping permission, which may allow local check for specific email files. In addition, the pam_env module also has errors when dropping permission, local users can ~ /. The pam_environment file symbol is linked to the restricted file to leak Arbitrary File Content.

<* Source: Sebastian Krahmer (krahmer@suse.de)

Link: http://secunia.com/advisories/42088/
Https://www.redhat.com/support/errata/RHSA-2010-0819.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

RedHat
------
For this reason, RedHat has released a Security Bulletin (RHSA-2010: 0819-01) and patch:
RHSA-2010: 0819-01: Moderate: pam security update
Link: https://www.redhat.com/support/errata/RHSA-2010-0819.html

Linux-PAM
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/ChangeLog? Revision = 1.546 & view = markup & pathrev = Linux-PAM-1_1_3