Articles / Ubuntu: New PAM packages fi…

Ubuntu: New PAM packages fix security vulnerabilities

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privilieges. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-959-1              July 07, 2010
pam vulnerability
CVE-2010-0832
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
 libpam-modules                  1.1.0-2ubuntu1.1

Ubuntu 10.04 LTS:
 libpam-modules                  1.1.1-2ubuntu5

In general, a standard system update will make all the necessary changes.

Details follow:

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
not correctly handle path permissions when creating user file stamps.
A local attacker could exploit this to gain root privilieges.


Updated packages for Ubuntu 9.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.diff.gz
     Size/MD5:   260774 2ec56b644febfb1fd3c3a5f2a2361130
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.dsc
     Size/MD5:     1648 dac6d17eabee6953c017c62185414d16
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0.orig.tar.gz
     Size/MD5:  1739305 004ea633a4bd4d059e68f75b9fab4d35

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.0-2ubuntu1.1_all.deb
     Size/MD5:   315856 28aedc3f904e50b54c9a2d7d5f691484
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.0-2ubuntu1.1_all.deb
     Size/MD5:   114826 b9d20a67aafade65b6af0cac023bdac7

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_amd64.deb
     Size/MD5:    84582 2722dd440bceb99682dc3429d6c66ab9
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_amd64.deb
     Size/MD5:   381616 bc4b2d752054b26571b1551ee8fc3c24
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_amd64.deb
     Size/MD5:   191018 7be9e071f3636b80ca52373a635e017b
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_amd64.deb
     Size/MD5:   127220 a8e5f4206fa6f65d77e55fdbea03e5df

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_i386.deb
     Size/MD5:    84230 fab89a299667ee0f37191662d1ec91b7
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_i386.deb
     Size/MD5:   359888 243b7cd25c68b7bf7f497279af2260f0
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_i386.deb
     Size/MD5:   188554 c5d5ae6cc4f1a773cc957e87b72cf417
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_i386.deb
     Size/MD5:   124250 d896c2a0b882135b34bae661a25c829f

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_lpia.deb
     Size/MD5:    84148 229e72e88d8c525ebac2d4d2086d8f8f
   http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_lpia.deb
     Size/MD5:   358290 bf7479c4b8e9dded50c713f8c179cda9
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_lpia.deb
     Size/MD5:   187374 77a5308ea618047fba8e371e33db7852
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_lpia.deb
     Size/MD5:   123886 3edf4fe8d51c3def26eae4d5b54a3c47

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_powerpc.deb
     Size/MD5:    84792 8012d58474360ba290b418796f53b3dd
   http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_powerpc.deb
     Size/MD5:   380980 e7b4f667271876091017a8e5c8fb6570
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_powerpc.deb
     Size/MD5:   188930 ea33722bea5e4304e968093b70396df9
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_powerpc.deb
     Size/MD5:   127514 eb35897557798d4dc9a3394989441400

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_sparc.deb
     Size/MD5:    84546 4579c413e373c930c15b1feea43f27c0
   http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_sparc.deb
     Size/MD5:   366918 ef7abe3044905be705692b7a09243dcd
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_sparc.deb
     Size/MD5:   187018 e324318f10dd0c96fdc97cca1cbdeb07
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_sparc.deb
     Size/MD5:   122882 b15ad14b406b6621e164a0bb237fa3ef

Updated packages for Ubuntu 10.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.diff.gz
     Size/MD5:   238745 f085e37315451c2778ceeacad60966bf
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.dsc
     Size/MD5:     1636 1dfddb112a8f417c2b0fa62fa0d52744
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz
     Size/MD5:  1799415 b4838d787dd9b046a4d6992e18b6ffac

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.1-2ubuntu5_all.deb
     Size/MD5:   314838 1cd62135ea43c9dedbb16f3c1da2c49d
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.1-2ubuntu5_all.deb
     Size/MD5:   114802 e7abc7b52d847295555242288273f767

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_amd64.deb
     Size/MD5:    87274 c29e21faec36bcaebe35a48e080d79f5
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_amd64.deb
     Size/MD5:   379988 198a067f524a4bb16ca9439f86391d71
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_amd64.deb
     Size/MD5:   188710 ba81edf6c2392b055f4733f726bbaa7f
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_amd64.deb
     Size/MD5:   126120 41fd43e5ee4d80e61fcb6559e3199a00

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_i386.deb
     Size/MD5:    86994 49edae786255f9b096fe4145a7d23ff7
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_i386.deb
     Size/MD5:   358148 5e2b29f58356c82f5090554f5df912ae
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_i386.deb
     Size/MD5:   183276 64fa5b3e4ca8f5d30c92cd6425eb3cb0
   http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_i386.deb
     Size/MD5:   122720 70647b5716631abde54544e61efb9aea

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_powerpc.deb
     Size/MD5:    87594 87844d3898231769e9db4aee0d454d71
   http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_powerpc.deb
     Size/MD5:   379036 b5370dea49eba34b4fc564be97b305c4
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_powerpc.deb
     Size/MD5:   188712 00d91db20163f7a768aaeff1cbcbe539
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_powerpc.deb
     Size/MD5:   126382 f0ec306eaa945316851d59d8b579c28f

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_sparc.deb
     Size/MD5:    87312 bf47bb8c5a9ce02f8d606b7021def8f7
   http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_sparc.deb
     Size/MD5:   372130 d78496ad4c242c89d8c7d0b62cd540c5
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_sparc.deb
     Size/MD5:   184682 dc7bd434195b4707e75ef9716d751f0f
   http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_sparc.deb
     Size/MD5:   122362 e2b1204eca46b0b6eab017c46a718c9a
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.