A security flaw has been discovered in the pam_ssh package that local attackers can exploit to escalate their privileges.
Package: pam_ssh 1.x
Operating systems: Fedora 13, Fedora 14, Fedora 15
Problem: improper privilege handling
Exploitation: local
Impact: gaining higher privileges
Solution: vendor patch
Original advisory ID: FEDORA-2011-8036
Source: Fedora
Problem:
The flaw was found in the PAM module used for working with SSH keys, and results from improper handling of SGID privileges.

Impact:
Local attackers can exploit the flaw to escalate privileges on a vulnerable system.

Solution:
Applying the official patches that fix the described flaw is recommended.
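A host-side check for the condition this advisory describes, as an added example that is not part of the advisory or of pam_ssh: it flags ssh-agent processes owned by a non-root user that still hold group ID 0. The status excerpts are constructed, and treating gid 0 in /proc/<pid>/status as the visible trace of the undropped group privilege is an assumption.

```python
import os

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
SAMPLE_STATUS = {
    977:  "Name:\tssh-agent\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0 \n",
    1200: "Name:\tsshd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t\n",
    2101: "Name:\tssh-agent\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nGroups:\t1000 \n",
    2188: "Name:\tssh-agent\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t0\t0\t0\nGroups:\t1001 \n",
    2240: "Name:\tssh-agent\nUid:\t1002\t1002\t1002\t1002\nGid:\t1002\t1002\t1002\t1002\nGroups:\t0 1002\n",
}

def parse_status(text):
    """Extract Name, Uid, Gid and Groups from a /proc/<pid>/status file."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            fields[key] = value.strip()
        elif key in ("Uid", "Gid", "Groups"):
            fields[key] = [int(v) for v in value.split()]
    return fields

def agents_with_root_group(status_by_pid):
    """Return (pid, real uid, reasons) for non-root ssh-agents holding gid 0."""
    findings = []
    for pid, text in sorted(status_by_pid.items()):
        f = parse_status(text)
        uids = f.get("Uid", [])
        # Skip other programs, and root's own agent where gid 0 is expected.
        if f.get("Name") != "ssh-agent" or not uids or set(uids) == {0}:
            continue
        reasons = [label for label, key in (("gid", "Gid"), ("supplementary", "Groups"))
                   if 0 in f.get(key, [])]
        if reasons:
            findings.append((pid, uids[0], reasons))
    return findings

def live_status(proc="/proc"):
    """Collect status files from a running Linux host for the same check."""
    out = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                out[int(entry)] = fh.read()
        except OSError:
            continue  # process exited or is not readable
    return out

if __name__ == "__main__":
    for pid, uid, reasons in agents_with_root_group(SAMPLE_STATUS):
        print(f"pid {pid} uid {uid}: root group held via {', '.join(reasons)}")
```

Agents started before the update keep their credentials until they exit, so the check is also useful after `yum update pam_ssh`; pass `live_status()` instead of the sample to run it on a host.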
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8036
2011-06-08 23:33:49
--------------------------------------------------------------------------------
Name : pam_ssh
Product : Fedora 13
Version : 1.97
Release : 7.fc13
URL : http://sourceforge.net/projects/pam-ssh/
Summary : PAM module for use with SSH keys and ssh-agent
Description :
This PAM module provides single sign-on behavior for UNIX using SSH keys.
Users are authenticated by decrypting their SSH private keys with the
password provided. In the first PAM login session phase, an ssh-agent
process is started and keys are added. The same agent is used for the
following PAM sessions. In any case the appropriate environment variables
are set in the session phase.
--------------------------------------------------------------------------------
Update Information:
Drop root group privileges before executing ssh-agent (#711170)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Dmitry Butskoy - 1.97-7
- Drop root group privileges properly before executing ssh-agent (#711170)
* Tue Feb 8 2011 Fedora Release Engineering - 1.97-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 5 2011 Dmitry Butskoy - 1.97-5
- export only pam_sm_* symbols from the module
(else it could cause cross linking when used under sshd daemon)
* Mon Dec 13 2010 Dmitry Butskoy - 1.97-4
- auto-create state dir under /var/run (#656657)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #711170 - pam_ssh: privileges not dropped properly before executing
ssh-agent
https://bugzilla.redhat.com/show_bug.cgi?id=711170
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pam_ssh' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8006
2011-06-08 23:32:38
--------------------------------------------------------------------------------
Name : pam_ssh
Product : Fedora 14
Version : 1.97
Release : 7.fc14
URL : http://sourceforge.net/projects/pam-ssh/
Summary : PAM module for use with SSH keys and ssh-agent
Description :
This PAM module provides single sign-on behavior for UNIX using SSH keys.
Users are authenticated by decrypting their SSH private keys with the
password provided. In the first PAM login session phase, an ssh-agent
process is started and keys are added. The same agent is used for the
following PAM sessions. In any case the appropriate environment variables
are set in the session phase.
--------------------------------------------------------------------------------
Update Information:
Drop root group privileges before executing ssh-agent (#711170)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Dmitry Butskoy - 1.97-7
- Drop root group privileges properly before executing ssh-agent (#711170)
* Tue Feb 8 2011 Fedora Release Engineering - 1.97-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 5 2011 Dmitry Butskoy - 1.97-5
- export only pam_sm_* symbols from the module
(else it could cause cross linking when used under sshd daemon)
* Mon Dec 13 2010 Dmitry Butskoy - 1.97-4
- auto-create state dir under /var/run (#656657)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #711170 - pam_ssh: privileges not dropped properly before executing
ssh-agent
https://bugzilla.redhat.com/show_bug.cgi?id=711170
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pam_ssh' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8022
2011-06-08 23:33:15
--------------------------------------------------------------------------------
Name : pam_ssh
Product : Fedora 15
Version : 1.97
Release : 7.fc15
URL : http://sourceforge.net/projects/pam-ssh/
Summary : PAM module for use with SSH keys and ssh-agent
Description :
This PAM module provides single sign-on behavior for UNIX using SSH keys.
Users are authenticated by decrypting their SSH private keys with the
password provided. In the first PAM login session phase, an ssh-agent
process is started and keys are added. The same agent is used for the
following PAM sessions. In any case the appropriate environment variables
are set in the session phase.
--------------------------------------------------------------------------------
Update Information:
Drop root group privileges before executing ssh-agent (#711170)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Dmitry Butskoy - 1.97-7
- Drop root group privileges properly before executing ssh-agent (#711170)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #711170 - pam_ssh: privileges not dropped properly before executing
ssh-agent
https://bugzilla.redhat.com/show_bug.cgi?id=711170
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pam_ssh' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys