CVE-2010-3853: pam_namespace executes namespace.init with service's environment

Related Vulnerabilities: CVE-2010-3853   CVE-2010-3316   CVE-2010-3430   CVE-2010-3431   CVE-2010-3435  

Debian Bug report logs - #608273

Package: pam; Maintainer for pam is Steve Langasek <vorlon@debian.org>;

Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Wed, 29 Dec 2010 15:18:02 UTC

Severity: serious

Tags: patch, security

Fixed in version pam/1.1.3-1

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#608273; Package pam. (Wed, 29 Dec 2010 15:18:04 GMT)


Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>. (Wed, 29 Dec 2010 15:18:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-3853: pam_namespace executes namespace.init with service's environment
Date: Wed, 29 Dec 2010 16:15:44 +0100
Package: pam
Severity: serious
Tags: security patch

Tomas Mraz pointed out that the pam_namespace PAM module executes the external
namespace.init script with environment settings inherited from the program
or service that has pam_namespace configured.

Please see:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3853
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13
https://rhn.redhat.com/errata/RHSA-2010-0819.html

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers,
Giuseppe.
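An added illustration of the issue class reported above, not code from Linux-PAM and not the upstream patch: a helper started with the caller's environment sees caller-set variables, while one started through `execve` with a fixed environment does not. The names `run_helper`, `clean_env` and `CALLER_CONTROLLED` are hypothetical, and `/bin/sh` stands in for the helper script.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the helper: nothing is copied from the caller. */
static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Run `sh -c script`, capture its stdout in out, return its exit status.
 * sanitize != 0 replaces the inherited environment with clean_env. */
int run_helper(const char *script, int sanitize, char *out, size_t outlen)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    if (outlen == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                               /* child: becomes the helper */
        char *const argv[] = { "sh", "-c", (char *)script, NULL };
        if (dup2(fds[1], STDOUT_FILENO) < 0) _exit(126);
        close(fds[0]); close(fds[1]);
        if (sanitize)
            execve("/bin/sh", argv, clean_env);   /* explicit environment */
        else
            execv("/bin/sh", argv);               /* inherits caller's environ */
        _exit(127);
    }
    close(fds[1]);
    while (used < outlen - 1 && (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char a[64], b[64];
    const char *probe = "printf %s \"${CALLER_CONTROLLED:-unset}\"";
    setenv("CALLER_CONTROLLED", "tainted", 1);    /* constructed sample value */
    run_helper(probe, 0, a, sizeof a);
    run_helper(probe, 1, b, sizeof b);
    printf("inherited: %s\nsanitized: %s\n", a, b);
    return 0;
}
```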




Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#608273; Package pam. (Thu, 30 Dec 2010 15:30:03 GMT)


Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Thu, 30 Dec 2010 15:30:03 GMT)


Message #10 received at 608273@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Giuseppe Iuculano <iuculano@debian.org>, 608273@bugs.debian.org
Subject: Re: Bug#608273: CVE-2010-3853: pam_namespace executes namespace.init with service's environment
Date: Thu, 30 Dec 2010 16:26:03 +0100
user release.debian.org@packages.debian.org
usertag 608273 squeeze-can-defer
tag 608273 squeeze-ignore
kthxbye

On Wed, Dec 29, 2010 at 16:15:44 +0100, Giuseppe Iuculano wrote:

> Package: pam
> Severity: serious
> Tags: security patch
> 
> Tomas Mraz pointed out that the pam_namespace PAM module executes the external
> namespace.init script with environment settings inherited from the program
> or service that has pam_namespace configured.
> 
Can be fixed post release, not a blocker.  Tagging accordingly.

Cheers,
Julien

Added tag(s) squeeze-ignore. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Thu, 30 Dec 2010 15:30:06 GMT)


Removed tag(s) squeeze-ignore. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Wed, 01 Jun 2011 05:00:05 GMT)


Added tag(s) pending. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sat, 04 Jun 2011 09:24:09 GMT)


Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Sat, 04 Jun 2011 20:57:10 GMT)


Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Sat, 04 Jun 2011 20:57:11 GMT)


Message #21 received at 608273-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 608273-close@bugs.debian.org
Subject: Bug#608273: fixed in pam 1.1.3-1
Date: Sat, 04 Jun 2011 20:54:18 +0000
Source: pam
Source-Version: 1.1.3-1

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:

libpam-cracklib_1.1.3-1_amd64.deb
  to main/p/pam/libpam-cracklib_1.1.3-1_amd64.deb
libpam-doc_1.1.3-1_all.deb
  to main/p/pam/libpam-doc_1.1.3-1_all.deb
libpam-modules_1.1.3-1_amd64.deb
  to main/p/pam/libpam-modules_1.1.3-1_amd64.deb
libpam-runtime_1.1.3-1_all.deb
  to main/p/pam/libpam-runtime_1.1.3-1_all.deb
libpam0g-dev_1.1.3-1_amd64.deb
  to main/p/pam/libpam0g-dev_1.1.3-1_amd64.deb
libpam0g_1.1.3-1_amd64.deb
  to main/p/pam/libpam0g_1.1.3-1_amd64.deb
pam_1.1.3-1.diff.gz
  to main/p/pam/pam_1.1.3-1.diff.gz
pam_1.1.3-1.dsc
  to main/p/pam/pam_1.1.3-1.dsc
pam_1.1.3.orig.tar.gz
  to main/p/pam/pam_1.1.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 608273@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 04 Jun 2011 03:10:50 -0700
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source amd64 all
Version: 1.1.3-1
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 599832 602902 608273
Changes: 
 pam (1.1.3-1) unstable; urgency=low
 .
   * New upstream release.
     - Fixes CVE-2010-3853, executing namespace.init with an insecure
       environment set by the caller.  Closes: #608273.
     - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435.
       Closes: #599832.
   * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv
     interface; now possibly upstreamable
   * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
     set a better default RLIMIT_MEMLOCK value for BSD kernels.  Thanks to
     Petr Salinger for the fix.  Closes: #602902.
   * bump the minimum version check in maintainer scripts for the restart
     handling.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Jan 2012 07:38:00 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:14:02 2019; Machine Name: buxtehude
