PAM with SELinux Lets Local Users Invoke unix_chkpwd to Conduct Password Guessing Attacks
|
|
SecurityTracker Alert ID: 1015111
|
|
SecurityTracker URL: http://securitytracker.com/id?1015111
|
|
CVE Reference: CVE-2005-2977
(Links to External Site)
|
Date: Oct 26 2005
|
Impact: User access via local system
|
Version(s): 0.80 and prior versions
|
Description: A vulnerability was reported in PAM (Pluggable Authentication Modules) when SELinux is enabled. A local user can conduct password guessing attacks.
The PAM unix_chkpwd helper program does not properly validate user-supplied passwords when SELinux is enabled. The SELinux functions
allow a local user without root privileges to invoke unix_chkpwd to verify the password of another local user. The unix_chkpwd
function does not provide any delay or logging functions. As a result, a local user can conduct brute force password guessing attacks.
Tomas
Mraz reported this vulnerability.
|
Impact: A local user can conduct brute force password guessing attacks against accounts on the target system.
|
Solution: No upstream solution was available at the time of this entry.
Red Hat has issued a fix for Red Hat Enterprise Linux 4:
https://rhn.redhat.com/errata/RHSA-2005-805.html
|
Vendor URL: www.kernel.org/pub/linux/libs/pam/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 26 Oct 2005 15:43:45 -0400
Subject: Pam (Pluggable Authentication Modules) vulnerability
|
Red Hat reported:
CVE-2005-2977 unix_chkpwd helper doesn't verify requesting user if SELinux is enabled
|
|
