SecurityTracker.com
Category:   Application (Generic)  >   Red Hat Labeled Security Protection Profile Script
Vendors:   Red Hat
Red Hat lspp-eal4-config-ibm and capp-lspp-eal4-config-hp Labeled Security Protection Profile Scripts Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1019740
SecurityTracker URL:  http://securitytracker.com/id/1019740
CVE Reference:   CVE-2008-0884
Date:  Apr 1 2008
Impact:   User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in the Red Hat lspp-eal4-config-ibm and capp-lspp-eal4-config-hp Labeled Security Protection Profile packages. A local user can obtain elevated privileges on the target system.

The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages cause the '/etc/pam.d/system-auth' file to be configured as world-writable. A local user can modify the file to potentially gain elevated privileges.

Only systems that have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script are affected.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   Red Hat has issued the following fixes:

ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/IBM/RPMS/lspp-eal4-config-ibm-0.65-2.el5.noarch.rpm

ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/HP/RPMS/capp-lspp-eal4-config-hp-0.65-2.el5.noarch.rpm

For systems that have already been deployed, the following command can be run as root to restore the permissions to a secure setting:

chmod 0644 /etc/pam.d/system-auth
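
An added example, not part of the advisory or of Red Hat's packages: a shell audit for the permission condition described above. It goes beyond the single file named here by checking every entry in the directory, and it resolves symlinks first because system-auth may be a link to the file that is actually writable (the bug title on this page names system-auth-ac). The function names are hypothetical, and GNU stat and readlink are assumed.

```sh
#!/bin/sh
# Added example: audit PAM configuration files for the condition in
# CVE-2008-0884 (write permission granted beyond the owner).
# Function names are hypothetical; GNU stat/readlink are assumed.

# Print "MODE PATH" if the file behind PATH has a group or other write bit.
# Symlinks are resolved first, so a system-auth link is judged by the
# permissions of the real file it points to (for example system-auth-ac).
check_pam_file() {
    local target mode
    target=$(readlink -f -- "$1") || return 0
    [ -f "$target" ] || return 0
    mode=$(stat -c '%a' -- "$target") || return 0
    # 022 (octal) masks the write bit for group and for other.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        printf '%s %s\n' "$mode" "$target"
    fi
    return 0
}

# Check every entry in a directory; de-duplicate links and their targets.
audit_pam_dir() {
    local f
    [ -d "$1" ] || return 0
    for f in "$1"/*; do
        check_pam_file "$f"
    done | sort -u
}

# Audit the live system by default; pass another directory to override.
findings=$(audit_pam_dir "${1:-/etc/pam.d}")
if [ -n "$findings" ]; then
    echo "PAM files writable by group or other (mode path):"
    echo "$findings"
    echo "Restore with: chmod 0644 <path>"
else
    echo "No PAM files writable by group or other."
fi
```

Restoring the mode does not revert edits made while the file was writable, so compare the contents of any flagged file against a known-good copy.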

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2008-0193.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2008-0193.html
Cause:   Configuration error
Underlying OS:  Linux (Red Hat Enterprise)

Message History:   None.


 Source Message Contents

Subject:  [RHSA-2008:0193-02] Important: lspp-eal4-config-ibm and

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: lspp-eal4-config-ibm and capp-lspp-eal4-config-hp security update
Advisory ID:       RHSA-2008:0193-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0193.html
Issue date:        2008-04-01
CVE Names:         CVE-2008-0884 
=====================================================================

1. Summary:

Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that
fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Description:

The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain
utilities and documentation for configuring a machine for the Controlled
Access Protection Profile, or the Labeled Security Protection Profile.

It was discovered that use of the "capp-lspp-config" script results in the
"/etc/pam.d/system-auth" file being set to world-writable. Authorized local
users who have limited privileges could then exploit this to gain
additional access, or to escalate their privileges. (CVE-2008-0884)

This issue only affects users who have installed either of these packages
from the Red Hat FTP site as their base system configuration kickstart
script.

New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp
packages are advised to upgrade to these updated packages, which resolve
this issue.

For systems already deployed, the following command can be run as root to
restore the permissions to a secure setting:

chmod 0644 /etc/pam.d/system-auth

3. Solution:

This update is available via the Red Hat FTP site.  

ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/IBM/RPMS/lspp-eal4-config-ibm-0.65-2.el5.noarch.rpm
ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/HP/RPMS/capp-lspp-eal4-config-hp-0.65-2.el5.noarch.rpm

4. Bugs fixed (http://bugzilla.redhat.com/):

435442 - CVE-2008-0884 system-auth-ac is world-writable

5. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0884
http://www.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFH8kZFXlSAg2UNWIIRAhk8AJ96YmzPO8oVcWsXCmpZOM4KSIsoQQCfSEjv
dFSW0Ib6HTU9LOAVdS/Q7Tk=
=xphM
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

 
 

