pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux | Redhat | 4.4 (including) | 4.4 (including) |
| Red Hat Enterprise Linux 3 | RedHat | cdrtools-8:2.01.0.a32-0.EL3.6 | * |
| Red Hat Enterprise Linux 3 | RedHat | pam-0:0.75-72 | * |
| Red Hat Enterprise Linux 4 | RedHat | pam-0:0.77-66.23 | * |
| Red Hat Enterprise Linux 5 | RedHat | pam-0:0.99.6.2-3.26.el5 | * |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://osvdb.org/37271
- http://secunia.com/advisories/25631
- http://secunia.com/advisories/25894
- http://secunia.com/advisories/26909
- http://secunia.com/advisories/27590
- http://secunia.com/advisories/27706
- http://secunia.com/advisories/28319
- http://security.gentoo.org/glsa/glsa-200711-23.xml
- http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm
- http://www.redhat.com/support/errata/RHSA-2007-0465.html
- http://www.redhat.com/support/errata/RHSA-2007-0555.html
- http://www.redhat.com/support/errata/RHSA-2007-0737.html
- http://www.vupen.com/english/advisories/2007/3229
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://osvdb.org/37271
- http://secunia.com/advisories/25631
- http://secunia.com/advisories/25894
- http://secunia.com/advisories/26909
- http://secunia.com/advisories/27590
- http://secunia.com/advisories/27706
- http://secunia.com/advisories/28319
- http://security.gentoo.org/glsa/glsa-200711-23.xml
- http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm
- http://www.redhat.com/support/errata/RHSA-2007-0465.html
- http://www.redhat.com/support/errata/RHSA-2007-0555.html
- http://www.redhat.com/support/errata/RHSA-2007-0737.html
- http://www.vupen.com/english/advisories/2007/3229
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483