pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_pam | Andrew_morgan | * | 0.77 (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * |
References
- http://marc.info/?l=bugtraq\u0026m=105577915506761\u0026w=2
- http://www.idefense.com/advisory/06.16.03.txt
- http://www.redhat.com/support/errata/RHSA-2004-304.html
- http://marc.info/?l=bugtraq\u0026m=105577915506761\u0026w=2
- http://www.idefense.com/advisory/06.16.03.txt
- http://www.redhat.com/support/errata/RHSA-2004-304.html