The pam_xauth module is used to forward xauth information from user to user
in applications such as the su command.
Andreas Beck discovered that pam_xauth will forward authorization
information from the root account to unprivileged users. This could be
used by a local attacker to gain access to an administrator’s X session.
To exploit this vulnerability the attacker would have to get the
administrator, as root, to use su to access the account belonging to the
attacker.
Users of pam_xauth are advised to upgrade to these errata packages which
contain a patch which adds ACL (access control list) functionality to
pam_xauth and disallows root forwarding by default.
Thanks to Andreas Beck for reporting this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | pam-devel | < 0.75-46.7.3 | pam-devel-0.75-46.7.3.i386.rpm |
RedHat | any | ia64 | pam | < 0.75-46.7.3 | pam-0.75-46.7.3.ia64.rpm |
RedHat | any | ia64 | pam-devel | < 0.75-46.7.3 | pam-devel-0.75-46.7.3.ia64.rpm |
RedHat | any | i386 | pam | < 0.75-46.7.3 | pam-0.75-46.7.3.i386.rpm |