Debian Pam Radius Auth File Information Disclosure Vulnerability

Bugtraq ID:	12375
Class:	Configuration Error
CVE:	CVE-2004-1340
Remote:	No
Local:	Yes
Published:	Jan 26 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	This vulnerability was announced by the vendor.
Vulnerable:	Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0
Not Vulnerable:

Debian Pam Radius Auth File Information Disclosure Vulnerability

Debian Linux is reportedly affected by a local file information disclosure vulnerability. This issue is due to the application setting a PAM radius configuration file as world-readable during the installation of the affected package.

This issue is specific to Debian Linux.

Debian Pam Radius Auth File Information Disclosure Vulnerability

No exploit is required.

Debian Pam Radius Auth File Information Disclosure Vulnerability

Solution:
Debian Linux has released advisory DSA-659-1 addressing this and other issues. Please see the referenced advisory for more information.


Debian Linux 3.0 hppa

• Debian libpam-radius-auth_1.3.14-1.3_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_hppa.deb

Debian Linux 3.0 ppc

• Debian libpam-radius-auth_1.3.14-1.3_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_powerpc.deb

Debian Linux 3.0 s/390

• Debian libpam-radius-auth_1.3.14-1.3_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_s390.deb

Debian Linux 3.0 arm

• Debian libpam-radius-auth_1.3.14-1.3_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_arm.deb

Debian Linux 3.0 alpha

• Debian libpam-radius-auth_1.3.14-1.3_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_alpha.deb

Debian Linux 3.0 mips

• Debian libpam-radius-auth_1.3.14-1.3_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_mips.deb

Debian Linux 3.0 mipsel

• Debian libpam-radius-auth_1.3.14-1.3_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_mipsel.deb

Debian Linux 3.0 ia-32

• Debian libpam-radius-auth_1.3.14-1.3_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_i386.deb

Debian Linux 3.0 sparc

• Debian libpam-radius-auth_1.3.14-1.3_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_sparc.deb

Debian Linux 3.0 m68k

• Debian libpam-radius-auth_1.3.14-1.3_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_m68k.deb

Debian Linux 3.0 ia-64

• Debian libpam-radius-auth_1.3.14-1.3_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/l ibpam-radius-auth_1.3.14-1.3_ia64.deb

Debian Pam Radius Auth File Information Disclosure Vulnerability

References: