435442 – (CVE-2008-0884) system-auth-ac is world-writable
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.
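The lstat/stat mix-up described above, reproduced in a scratch directory as an added example (not code from the capp-lspp-config script or from this bug report). It assumes /etc/pam.d/system-auth is a symbolic link to system-auth-ac and that the platform is Linux, where a symlink's own mode reads as 0777; `replace`, `mode_after_replace` and `world_writable` are hypothetical names.

```python
import os
import stat
import tempfile

def replace(path, new_text, stat_fn):
    """Hypothetical model of a config rewrite that saves and restores the mode."""
    mode = stat.S_IMODE(stat_fn(path).st_mode)  # lstat() describes the link itself
    with open(path, "w") as fh:                 # open() follows the symlink
        fh.write(new_text)
    os.chmod(path, mode)                        # chmod() follows the symlink too
    return mode

def mode_after_replace(stat_fn):
    """Build a scratch pam.d layout, run replace(), return the real file's mode."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "system-auth-ac")
        link = os.path.join(d, "system-auth")
        with open(target, "w") as fh:
            fh.write("auth required pam_deny.so\n")  # constructed sample content
        os.chmod(target, 0o644)
        os.symlink("system-auth-ac", link)
        replace(link, "auth required pam_deny.so\n# edited\n", stat_fn)
        return stat.S_IMODE(os.stat(target).st_mode)

def world_writable(directory):
    """Audit check: regular files under directory that others can write."""
    hits = []
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
            hits.append(name)
    return hits

if __name__ == "__main__":
    print("lstat:", oct(mode_after_replace(os.lstat)))
    print("stat: ", oct(mode_after_replace(os.stat)))
    if os.path.isdir("/etc/pam.d"):
        print("world-writable in /etc/pam.d:", world_writable("/etc/pam.d"))
```

With `os.lstat` the link's mode is copied onto the real file, so system-auth-ac ends up writable by everyone; with `os.stat` the original 0644 is preserved. `world_writable` can be pointed at /etc/pam.d to check an installed system.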
Status: CLOSED ERRATA
Alias: CVE-2008-0884
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Assignee: Steve Grubb
Reported: 2008-02-29 11:53 UTC by Mark J. Cox
Modified: 2019-09-29 12:23 UTC
CC List: 3 users
Doc Type: Bug Fix
Last Closed: 2008-04-24 11:11:41 UTC
Links
System: Red Hat Product Errata
ID: RHSA-2008:0193
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: lspp-eal4-config-ibm and capp-lspp-eal4-config-hp security update
Last Updated: 2008-04-01 14:26:50 UTC