FrSIRT - Fedora Security Update Fixes "pam_console" Device Ownership Security Bypass / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes "pam_console" Device Ownership Security Bypass

Title : Fedora Security Update Fixes "pam_console" Device Ownership Security Bypass
Advisory ID : FrSIRT/ADV-2007-2136
CVE ID : CVE-2007-1716
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-06-12

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by malicious users to bypass security restrictions [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

3211a0e1c55f6ce20e8c1cff277bbee009527697 SRPMS/pam-0.99.6.2-3.22.fc6.src.rpm
3211a0e1c55f6ce20e8c1cff277bbee009527697 noarch/pam-0.99.6.2-3.22.fc6.src.rpm
873b01bdc3788e002e829373756a8f4110c8316b ppc/pam-devel-0.99.6.2-3.22.fc6.ppc.rpm
d9ab52bb0c3a11963c92c395f7c776a7da5a71cf ppc/debug/pam-debuginfo-0.99.6.2-3.22.fc6.ppc.rpm
09d38ba0e9a7ea9c46b3640bd7989091d6e1a560 ppc/pam-0.99.6.2-3.22.fc6.ppc.rpm
f4e515041e8e13325ed4974d8132a384eba1876e x86_64/debug/pam-debuginfo-0.99.6.2-3.22.fc6.x86_64.rpm
e9c45da6e689cb8f3676a5da6577279461d8cc71 x86_64/pam-0.99.6.2-3.22.fc6.x86_64.rpm
195ab2ecd72583873c100b7129708c895dee1c78 x86_64/pam-devel-0.99.6.2-3.22.fc6.x86_64.rpm
9b0b82300122e23e80593d64990a2e1325f20388 i386/debug/pam-debuginfo-0.99.6.2-3.22.fc6.i386.rpm
9c89fd3b52bb6b0c312bfdcccf18cb5c5067c8fd i386/pam-devel-0.99.6.2-3.22.fc6.i386.rpm
fd61ee4978dda42c7bac51ef6cea1f7338ef425b i386/pam-0.99.6.2-3.22.fc6.i386.rpm

ChangeLog

2007-06-12 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities
	IBM WebSphere Portal Remote Authentication Bypass Vulnerability
	IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability
	IBM WebSphere Application Server Security Exposure Vulnerabilities

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability