Technical Description

A vulnerability has been identified in Red Hat Enterprise Linux 5, which could be exploited by local attackers to gain elevated privileges. This issue is caused by an error in the "capp-lspp-config" script (included with the lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages) that sets "/etc/pam.d/system-auth" file to world-writable, which could allow malicious and unprivileged users to gain additional access, or to escalate their privileges.

Note: This issue only exists when the affected package is deployed as base system configuration kickstart script.

Affected Products

Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
RHEL Desktop Workstation (v. 5 client)

Solution

Upgrade the affected packages :
ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/IBM/RPMS/lspp-eal4-config-ibm-0.65-2.el5.noarch.rpm
ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/HP/RPMS/capp-lspp-eal4-config-hp-0.65-2.el5.noarch.rpm

Restore file permissions for systems already deployed :
# chmod 0644 /etc/pam.d/system-auth

References

http://www.vupen.com/english/advisories/2008/1066
https://rhn.redhat.com/errata/RHSA-2008-0193.html

Credits

Vulnerability reported by the vendor.

ChangeLog

2008-04-02 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.