[MBT] new ticket for pkg xdm "Privilege escalation with specific PAM modules."
bugs at pld-linux.org
Wed Jan 28 17:06:36 CET 2004
Date: 2004-01-28 17:06:35+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Privilege escalation with specific PAM modules.
Ticket ID: #821
Ticket URL: http://bugs.pld-linux.org/?bug=821
Package: xdm-1:4.2.1-8
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
This is CAN-2003-0690:
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
I don't care about the KDE part, but according to the security pages on Linux Weekly News:
* CAN-2003-0690: Privilege escalation with specific PAM modules. The XDM display manager that ships with XFree86 prior to 4.3 is also vulnerable.