oss-sec mailing list archives
Re: potential OpenPAM vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 Nov 2011 09:44:38 -0700
On 11/08/2011 08:56 AM, Sebastian Krahmer wrote:
Hi, OpenPAM, until recently, was not filtering the service argument of pam_start() invocations. This can lead to a root compromise. Note that Linux-PAM is entirely different as forbids anything with '/' inside. Please see http://c-skills.blogspot.com/2011/11/openpam-trickery.html for more discussion and PoC. This most likely affects FreeBSD and Solaris via the kcheckpass vector. regards, Sebastian
Please use CVE-2011-4122 for this issue. -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- potential OpenPAM vulnerability Sebastian Krahmer (Nov 08)
- Re: potential OpenPAM vulnerability Kurt Seifried (Nov 08)