Giuseppe Iuculano
2010-Dec-29 15:15 UTC
[Secure-testing-team] Bug#608273: CVE-2010-3853: pam_namespace executes namespace.init with service's environment
Package: pam
Severity: serious
Tags: security patch

Tomas Mraz pointed out that the pam_namespace PAM module executes the external namespace.init script with environment settings inherited from the program or service that has pam_namespace configured.

Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3853
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13
https://rhn.redhat.com/errata/RHSA-2010-0819.html

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Cheers,
Giuseppe.