Multiple Linux Vendor pam_console Vulnerability
BID:1176
Info
| Bugtraq ID: | 1176 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 03 2000 12:00AM |
| Updated: | May 03 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on May 2, 2000 by Michal Zalewski <[email protected]> |
| Vulnerable: | Redhat Linux 6.2 sparc, Redhat Linux 6.2 i386, Redhat Linux 6.2 alpha, Redhat Linux 6.1 sparc, Redhat Linux 6.1 i386, Redhat Linux 6.1 alpha, Redhat Linux 6.0 sparc, Redhat Linux 6.0 alpha, Redhat Linux 6.0 |
| Not Vulnerable: | |
Discussion
A vulnerability exists in the pam_console PAM module, included as part of any Linux system running PAM. pam_console exists to give ownership of certain devices to users logging in at the console of a Linux machine. It is designed to allow only console users to use things such as sound devices. It chowns the devices to the user upon login, and chowns them back to root upon logout. However, as certain devices do not have a 'hangup' mechanism such as a tty device has, it is possible for a local user to continue to monitor activity on certain devices after logging out. This could allow a malicious user to sniff other users' console sessions, and potentially obtain the root password if the root user logs in, or a user su's to root. They could also surreptitiously execute commands as the user on the console.
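A defender-side check for the condition described above, as an added example that is not part of the original advisory: it walks a /proc-style tree and reports processes that still hold a console-managed device open while running as a UID that is neither root nor the device's current owner. The device path `/dev/dsp`, the UIDs and the sample process tree are constructed assumptions.

```python
import os
import tempfile

def parse_uid(status_text):
    """Return the real UID from the text of /proc/<pid>/status, or None."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            return int(line.split()[1])
    return None

def stale_device_holders(proc_root, devices, device_owner):
    """List (pid, uid, device) for processes that hold one of `devices` open
    while running as a UID other than root or the device's current owner."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "status")) as fh:
                uid = parse_uid(fh.read())
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited or access denied
            continue
        if uid is None:
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
            except OSError:
                continue
            if target in devices and uid not in (0, device_owner(target)):
                findings.append((int(pid), uid, target))
    return findings

def build_sample_proc(root):
    """Constructed stand-in for /proc: pid -> (uid, open fd targets)."""
    sample = {101: (1000, ["/dev/dsp", "/dev/null"]),  # logged-out user
              202: (1001, ["/dev/dsp"]),               # current console user
              303: (0, ["/dev/dsp"])}                  # root-owned daemon
    for pid, (uid, targets) in sample.items():
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        with open(os.path.join(root, str(pid), "status"), "w") as fh:
            fh.write(f"Name:\tdemo\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
        for n, target in enumerate(targets):
            os.symlink(target, os.path.join(fd_dir, str(n)))

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        # Assumption: the device is currently owned by UID 1001.
        return stale_device_holders(root, {"/dev/dsp"}, lambda dev: 1001)
```

On a live system, pass `/proc` as `proc_root` and `lambda dev: os.stat(dev).st_uid` as `device_owner`, and run as root so every process's `fd` directory is readable.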
Exploit / POC
Exploit available:
Solution / Fix
References
References: