GNU Coreutils 'pam_succeed_if' PAM Local Authentication Bypass Vulnerability
BID:30363
Info
| Bugtraq ID: | 30363 |
| Class: | Design Error |
| CVE: | CVE-2008-1946 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 24 2008 12:00AM |
| Updated: | Aug 29 2008 07:54PM |
| Credit: | Josh Bressers |
| Vulnerable: | Redhat Enterprise Linux WS 4; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux Desktop version 4; GNU Coreutils 5.2.1; GNU Coreutils 5.2; GNU Coreutils 5.1.3; GNU Coreutils 5.1.2; GNU Coreutils 5.1.1; GNU Coreutils 5.1; GNU Coreutils 5.0.91; GNU Coreutils 5.0.90; GNU Coreutils 5.0.1; GNU Coreutils 5.0; GNU Coreutils 4.5.12; GNU Coreutils 4.5.11; GNU Coreutils 4.5.10; GNU Coreutils 4.5.9; GNU Coreutils 4.5.8; GNU Coreutils 4.5.7; GNU Coreutils 4.5.6; GNU Coreutils 4.5.5; GNU Coreutils 4.5.4; GNU Coreutils 4.5.3; GNU Coreutils 4.5.2; GNU Coreutils 4.5.1; Avaya Voice Portal 3.0; Avaya Proactive Contact 0; Avaya Messaging Storage Server 3.1; Avaya Message Networking; Avaya Meeting Exchange - Enterprise Edition; Avaya Intuity AUDIX LX 2.0; Avaya EMMC 0; Avaya Aura SIP Enablement Services 3.1; Avaya Aura Application Enablement Services 3.0 |
| Not Vulnerable: | |
Discussion
GNU Coreutils is prone to a local authentication-bypass vulnerability.
A local attacker running the 'su' command can exploit this issue to gain unauthorized access to locked or expired accounts. Successfully exploiting this issue may lead to other attacks.
Exploit / POC
An attacker can use readily available command-line utilities to exploit this issue.
Solution / Fix
Solution:
Updates and an advisory are available. Please see the references for more information.
References
References:
- Coreutils Homepage (GNU)
- Avaya Security Advisory ASA-2008-364 (Avaya)
- RHSA-2008:0780-3 Low: coreutils security update (Red Hat)