Red Hat lspp-eal4-config-ibm and capp-lspp-eal4-config-hp Labeled Security Protection Profile Scripts Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1019740|
SecurityTracker URL: http://securitytracker.com/id/1019740
(Links to External Site)
Date: Apr 1 2008
User access via local system|
Fix Available: Yes Vendor Confirmed: Yes |
A vulnerability was reported in the Red Hat lspp-eal4-config-ibm and capp-lspp-eal4-config-hp Labeled Security Protection Profile packages. A local user can obtain elevated privileges on the target system.|
The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages cause the '/etc/pam.d/system-auth' file to be configured as world-writable. A local user can modify the file to potentially gain elevated privileges.
Only systems that have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script are affected.
A local user can obtain elevated privileges on the target system.|
Red Hat has issued the following fixes:|
For systems that have already been deployed, the following command can be run as root to restore the permissions to a secure setting:
chmod 0644 /etc/pam.d/system-auth
The Red Hat advisory is available at:
Vendor URL: rhn.redhat.com/errata/RHSA-2008-0193.html (Links to External Site)
|Underlying OS: Linux (Red Hat Enterprise)|
Source Message Contents
Subject: [RHSA-2008:0193-02] Important: lspp-eal4-config-ibm and|
-----BEGIN PGP SIGNED MESSAGE-----
Red Hat Security Advisory
Synopsis: Important: lspp-eal4-config-ibm and capp-lspp-eal4-config-hp security update
Advisory ID: RHSA-2008:0193-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0193.html
Issue date: 2008-04-01
CVE Names: CVE-2008-0884
Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that
fix a security issue are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain
utilities and documentation for configuring a machine for the Controlled
Access Protection Profile, or the Labeled Security Protection Profile.
It was discovered that use of the "capp-lspp-config" script results in the
"/etc/pam.d/system-auth" file being set to world-writable. Authorized local
users who have limited privileges could then exploit this to gain
additional access, or to escalate their privileges. (CVE-2008-0884)
This issue only affects users who have installed either of these packages
from the Red Hat FTP site as their base system configuration kickstart
New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp
packages are advised to upgrade to these updated packages, which resolve
For systems already deployed, the following command can be run as root to
restore the permissions to a secure setting:
chmod 0644 /etc/pam.d/system-auth
This update is available via the Red Hat FTP site.
4. Bugs fixed (http://bugzilla.redhat.com/):
435442 - CVE-2008-0884 system-auth-ac is world-writable
The Red Hat security contact is <email@example.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
-----END PGP SIGNATURE-----
RHSA-announce mailing list