Technical Description

A vulnerability has been identified in Fedora, which could be exploited by malicious users to bypass security restrictions. This issue is caused by an error in "pam_console" that does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which could be exploited to potentially obtain elevated privileges.

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

3211a0e1c55f6ce20e8c1cff277bbee009527697 SRPMS/pam-0.99.6.2-3.22.fc6.src.rpm
3211a0e1c55f6ce20e8c1cff277bbee009527697 noarch/pam-0.99.6.2-3.22.fc6.src.rpm
873b01bdc3788e002e829373756a8f4110c8316b ppc/pam-devel-0.99.6.2-3.22.fc6.ppc.rpm
d9ab52bb0c3a11963c92c395f7c776a7da5a71cf ppc/debug/pam-debuginfo-0.99.6.2-3.22.fc6.ppc.rpm
09d38ba0e9a7ea9c46b3640bd7989091d6e1a560 ppc/pam-0.99.6.2-3.22.fc6.ppc.rpm
f4e515041e8e13325ed4974d8132a384eba1876e x86_64/debug/pam-debuginfo-0.99.6.2-3.22.fc6.x86_64.rpm
e9c45da6e689cb8f3676a5da6577279461d8cc71 x86_64/pam-0.99.6.2-3.22.fc6.x86_64.rpm
195ab2ecd72583873c100b7129708c895dee1c78 x86_64/pam-devel-0.99.6.2-3.22.fc6.x86_64.rpm
9b0b82300122e23e80593d64990a2e1325f20388 i386/debug/pam-debuginfo-0.99.6.2-3.22.fc6.i386.rpm
9c89fd3b52bb6b0c312bfdcccf18cb5c5067c8fd i386/pam-devel-0.99.6.2-3.22.fc6.i386.rpm
fd61ee4978dda42c7bac51ef6cea1f7338ef425b i386/pam-0.99.6.2-3.22.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/2136
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00159.html

ChangeLog

2007-06-12 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.