pam-1.3.0-3.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10405-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z pam-1.3.0-3.4 on GA media These are all security issues fixed in the pam-1.3.0-3.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10405 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-3430/ SUSE CVE CVE-2010-3430 page https://www.suse.com/security/cve/CVE-2010-3431/ SUSE CVE CVE-2010-3431 page https://www.suse.com/security/cve/CVE-2010-3853/ SUSE CVE CVE-2010-3853 page https://www.suse.com/security/cve/CVE-2011-3148/ SUSE CVE CVE-2011-3148 page https://www.suse.com/security/cve/CVE-2011-3149/ SUSE CVE CVE-2011-3149 page https://www.suse.com/security/cve/CVE-2014-2583/ SUSE CVE CVE-2014-2583 page https://www.suse.com/security/cve/CVE-2015-3238/ SUSE CVE CVE-2015-3238 page openSUSE Tumbleweed pam-1.3.0-3.4 pam-32bit-1.3.0-3.4 pam-devel-1.3.0-3.4 pam-devel-32bit-1.3.0-3.4 pam-doc-1.3.0-3.4 pam-1.3.0-3.4 as a component of openSUSE Tumbleweed pam-32bit-1.3.0-3.4 as a component of openSUSE Tumbleweed pam-devel-1.3.0-3.4 as a component of openSUSE Tumbleweed pam-devel-32bit-1.3.0-3.4 as a component of openSUSE Tumbleweed pam-doc-1.3.0-3.4 as a component of openSUSE Tumbleweed The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVE-2010-3430 openSUSE Tumbleweed:pam-1.3.0-3.4 openSUSE Tumbleweed:pam-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-doc-1.3.0-3.4 moderate 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3430.html CVE-2010-3430 https://bugzilla.suse.com/623457 SUSE Bug 623457 https://bugzilla.suse.com/631802 SUSE Bug 631802 The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVE-2010-3431 openSUSE Tumbleweed:pam-1.3.0-3.4 openSUSE Tumbleweed:pam-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-doc-1.3.0-3.4 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3431.html CVE-2010-3431 https://bugzilla.suse.com/623457 SUSE Bug 623457 pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. CVE-2010-3853 openSUSE Tumbleweed:pam-1.3.0-3.4 openSUSE Tumbleweed:pam-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-doc-1.3.0-3.4 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3853.html CVE-2010-3853 https://bugzilla.suse.com/647958 SUSE Bug 647958 Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. CVE-2011-3148 openSUSE Tumbleweed:pam-1.3.0-3.4 openSUSE Tumbleweed:pam-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-doc-1.3.0-3.4 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3148.html CVE-2011-3148 https://bugzilla.suse.com/724480 SUSE Bug 724480 The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). CVE-2011-3149 openSUSE Tumbleweed:pam-1.3.0-3.4 openSUSE Tumbleweed:pam-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-doc-1.3.0-3.4 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3149.html CVE-2011-3149 https://bugzilla.suse.com/724480 SUSE Bug 724480 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. CVE-2014-2583 openSUSE Tumbleweed:pam-1.3.0-3.4 openSUSE Tumbleweed:pam-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-doc-1.3.0-3.4 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2583.html CVE-2014-2583 https://bugzilla.suse.com/870433 SUSE Bug 870433 The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. CVE-2015-3238 openSUSE Tumbleweed:pam-1.3.0-3.4 openSUSE Tumbleweed:pam-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-1.3.0-3.4 openSUSE Tumbleweed:pam-devel-32bit-1.3.0-3.4 openSUSE Tumbleweed:pam-doc-1.3.0-3.4 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3238.html CVE-2015-3238 https://bugzilla.suse.com/1123794 SUSE Bug 1123794 https://bugzilla.suse.com/934920 SUSE Bug 934920