|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
From: Security (secure
CONECTIVA.COM.BR)Date: Thu Jul 27 2000 - 09:27:52 CDT
- Next message: Security: "CONECTIVA LINUX SECURITY ANNOUNCEMENT - NFS-UTILS"
- Previous message: Solar Designer: "Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------
PACKAGE : pam
SUMMARY : Remote users being treated as local ones
DATE : 2000-07-27
AFFECTED CONECTIVA VERSIONS : 4.0, 4.0es, 4.1, 4.2, 5.0 and 5.1
DESCRIPTION
Redhat has identified a problem with the pam_console module which
also affects Conectiva Linux.
This module incorrectly identifies remote X logins for displays
other than :0 (:1, :2, etc.) as local ones, thus giving the
console to this user. Having the console, the remote user could
issue commands like reboot to remotely reboot the system (after
providing his or her password).
Note that this vulnerability is only exploitable if the system is
running a graphical login manager (gdm, kdm, etc.), XDMCP is
enabled and remote access is granted. This is *not* the default
configuration for Conectiva Linux.
SOLUTION
All users should upgrade.
DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/pam-0.72-15cl.i386.rpm
DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/pam-0.72-15cl.src.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribebazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribebazar.conectiva.com.br
- Next message: Security: "CONECTIVA LINUX SECURITY ANNOUNCEMENT - NFS-UTILS"
- Previous message: Solar Designer: "Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]