Note: This is an archival copy of Security Sun Alert 200773 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000591.1.
Article ID : 1000591.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 Vulnerability in pam_xauth(8) Module May Allow Forwarding of Root Authorization to Unprivileged Users


Release Phase

Bug Id

Date of Resolved Release


The pam_xauth(8) module supplied with Sun Linux 5.0 may allow the forwarding of authorization information from the root account to unprivileged users. This could allow local unprivileged users to gain unauthorized root privileges.

Additional information is available at:

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with pam 0.75-19 or earlier

The following command can be executed to determine if the "pam_xauth" module is enabled on the system:

    $ grep pam_xauth /etc/pam.d/su
    session optional /lib/security/

The presence of the line "session optional /lib/security/", as shown above, indicates that the "pam_xauth" module is being used. A "#" symbol at the beginning of the "session optional /lib/security/" line indicates that "pam_xauth" is not being used.

The "pam_xauth" module is used to forward "xauth" information from user to user in applications such as su(1M).

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.


There are no predictable symptoms that would show the described issue has been exploited.


To work around the described issue, disable the "pam_xauth" module for "su" by commenting out the "" related line in "/etc/pam.d/su", as in the following example:

    # session optional /lib/security/
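
The check and the workaround above can be scripted so that commented-out lines are not mistaken for an active module. The following is an added example, not part of the original Sun Alert; the function names and the sample file contents (including the module file name `pam_xauth.so`) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PAM service file for pam_xauth and emit a
# copy with the module disabled. Names here are illustrative.

# Print "enabled" if pam_xauth appears outside a comment,
# "disabled" if it appears only in comments, "absent" otherwise.
pam_xauth_status() {
    if sed 's/#.*//' "$1" | grep -q 'pam_xauth'; then
        echo enabled
    elif grep -q 'pam_xauth' "$1"; then
        echo disabled
    else
        echo absent
    fi
}

# Write the file to stdout with every active pam_xauth line commented
# out. The input is not modified, so the result can be reviewed before
# it replaces the original.
pam_xauth_disable() {
    awk '{
        active = $0
        sub(/#.*/, "", active)          # ignore text after a "#"
        if (active ~ /pam_xauth/) print "# " $0
        else print
    }' "$1"
}

# Constructed sample standing in for /etc/pam.d/su.
sample=$(mktemp)
printf '%s\n' \
    'auth sufficient /lib/security/pam_rootok.so' \
    'session optional /lib/security/pam_xauth.so' > "$sample"

pam_xauth_status "$sample"                   # before the workaround
pam_xauth_disable "$sample" > "$sample.new"
pam_xauth_status "$sample.new"               # after the workaround
rm -f "$sample" "$sample.new"
```

On a real system, run `pam_xauth_status /etc/pam.d/su` and compare the output of `pam_xauth_disable` against the original file before installing it.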


This issue is addressed in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with pam 0.75-46.7.2 or later

Modification History
Date: 29-AUG-2003
  • State: Resolved
  • Updated Resolution section

Sun Linux 5.0
