Note: This is an archival copy of Security Sun Alert 200773 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000591.1.
Category: Security
Release Phase: Resolved
Bug ID: 4888538
Date of Resolved Release: 29-AUG-2003

Impact

The pam_xauth(8) module supplied with Sun Linux 5.0 may allow the forwarding of authorization information from the root account to unprivileged users. This could allow local unprivileged users to gain unauthorized root privileges.

Additional information is available at:

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

The following command can be executed to determine if the "pam_xauth" module is enabled on the system:

    $ grep pam_xauth /etc/pam.d/su
    session optional /lib/security/pam_xauth.so

The presence of the line "session optional /lib/security/pam_xauth.so", as shown above, indicates that the pam_xauth module is in use. If the "session optional /lib/security/pam_xauth.so" line begins with a "#" symbol, "pam_xauth" is not in use.

The "pam_xauth" module is used to forward "xauth" information from user to user in applications such as su(1M).

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.

Symptoms

There are no predictable symptoms that would show the described issue has been exploited.

Workaround

To work around the described issue, disable the "pam_xauth" module for "su" by commenting out the "pam_xauth.so" line in "/etc/pam.d/su", as in the following example:

    # session optional /lib/security/pam_xauth.so

Resolution

This issue is addressed in the following releases:

Sun Linux Platform
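The check and the workaround above can be scripted so that an administrator can audit many hosts (or many PAM service files) consistently. The following is an added example written for this archival copy; it is not part of the Sun Alert. It runs against a constructed excerpt of /etc/pam.d/su written to a temporary file, so it runs offline, and it generalizes slightly beyond the advisory's excerpt by tolerating leading whitespace on the pam_xauth line and by accepting any PAM service file path, not only /etc/pam.d/su. The function names pam_xauth_enabled, pam_xauth_status and disable_pam_xauth are this example's own.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): detect an active pam_xauth session
# line in a PAM service file and comment it out, as the advisory's workaround does.

# Constructed sample of /etc/pam.d/su (assumption: layout follows the advisory's
# excerpt; a real Sun Linux 5.0 file may contain additional lines).
SAMPLE_PAM_SU="$(mktemp)"
cat > "$SAMPLE_PAM_SU" <<'EOF'
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so
EOF

# pam_xauth_enabled FILE
# Exit status 0 when FILE contains a pam_xauth.so line whose first
# non-blank character is not "#", i.e. the module is active.
pam_xauth_enabled() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*pam_xauth\.so' "$1"
}

# pam_xauth_status FILE
# Prints "enabled" or "disabled" for use in audit reports.
pam_xauth_status() {
    if pam_xauth_enabled "$1"; then
        echo enabled
    else
        echo disabled
    fi
}

# disable_pam_xauth FILE
# Prefix every active pam_xauth.so line with "# ", preserving its indentation.
# Writes to a temporary file and renames, so FILE is never left half-written.
disable_pam_xauth() {
    tmp="$1.tmp.$$"
    sed -E 's/^([[:space:]]*)([^#[:space:]].*pam_xauth\.so.*)$/\1# \2/' "$1" > "$tmp" \
        && mv "$tmp" "$1"
}

# Demonstration on a scratch copy so the sample file stays untouched.
DEMO_COPY="$(mktemp)"
cp "$SAMPLE_PAM_SU" "$DEMO_COPY"
echo "before: $(pam_xauth_status "$DEMO_COPY")"   # before: enabled
disable_pam_xauth "$DEMO_COPY"
echo "after:  $(pam_xauth_status "$DEMO_COPY")"   # after:  disabled
grep pam_xauth "$DEMO_COPY"                         # shows the commented-out line
rm -f "$DEMO_COPY"
```

On a real system, point the functions at /etc/pam.d/su (as root) after backing up the file; the status function alone is safe to run read-only across a fleet to find hosts where the workaround has not yet been applied.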
Modification History

Date: 29-AUG-2003

Product

Sun Linux 5.0

Attachments

This solution has no attachment