|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#911505
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
OverviewA vulnerability exists in pam_xauth that may allow a local attacker to gain access to an administrator's X session.
I. Descriptionpam_xauth is used to forward xauth keys (or cookies) between users. From the pam_xauth man page:
Without pam_xauth, when xauth is enabled and a user uses the su command to
assume superuser priviledges, that user is not able to run X commands as
root without somehow giving root access to the xauth key used for the
current X session. pam_xauth solves the problem by forwarding the key from
the user running su (the source user) to the user whose identity the source
user is assuming (the target user) when the session is created, and
destroying the key when the session is torn down.
If a local attacker can cause the system administrator to su to the attacker's account, the attacker may be able to gain access to an administrator's X session. For further technical details, please see Andreas Beck's advisory.
II. ImpactA local attacker may be able to gain access to an administrator's X session.
III. SolutionApply a patch from your vendor.
Systems Affected
References
http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2
http://www.securityfocus.com/bid/6753
http://www.rt.com/man/pam_xauth.8.html
Credit
This vulnerability was discovered by Andreas Beck.
This document was written by Ian A Finlay.
Other Information
| Date Public: | 2003-02-03 |
| Date First Published: | 2003-05-04 |
| Date Last Updated: | 2003-06-17 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2002-1160 |
| NVD-ID(s): | CAN-2002-1160 |
| US-CERT Technical Alerts: | |
| Metric: | 12.94 |
| Document Revision: | 11 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|