Re: potential OpenPAM vulnerability

[Kurt Seifried <kseifried () redhat com>]

On 11/08/2011 08:56 AM, Sebastian Krahmer wrote:
> Hi,
>
> OpenPAM, until recently, was not filtering the service argument of
> pam_start() invocations. This can lead to a root compromise.
> Note that Linux-PAM is entirely different as forbids anything with '/'
> inside.
>
> Please see 
>
> http://c-skills.blogspot.com/2011/11/openpam-trickery.html
>
> for more discussion and PoC.
> This most likely affects FreeBSD and Solaris via the kcheckpass
> vector.
>
> regards,
> Sebastian
Please use CVE-2011-4122 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team