aru Posted April 29, 2003 Report Share Posted April 29, 2003 MandrakeSoft Security Advisory MDKSA-2003:017-1 : pam April 28th, 2003 Updated pam packages fix root authorization handling in pam_xauth module Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users.This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker. Update: The previous fix was incorrect because certain applications, such as userdrake and net_monitor could not be executed as root, although they could be executed as users who successfully authenticated as root. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:017-1 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2002-1160 Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts