漏洞信息详情

Ubuntu PAM Authentication 安全绕过漏洞

漏洞简介

PAM的pam-auth-update,当在Ubuntu 8.10版本和9.4版本以及Debian GNU/Linux中运行时,存在安全绕过漏洞。由于没有适当地指出在某个罕见设置中的系统认证模块的"空选择",这会允许任何尝试都会成功且远程攻击者绕过认证权限。

漏洞公告

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: Ubuntu Ubuntu Linux 8.10 lpia Ubuntu libpam-cracklib_1.0.1-4ubuntu5.6_lpia.deb http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.0.1-4ubuntu5 .6_lpia.deb Ubuntu libpam-doc_1.0.1-4ubuntu5.6_all.deb http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.0.1-4ub untu5.6_all.deb Ubuntu libpam-modules_1.0.1-4ubuntu5.6_lpia.deb http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.0.1-4ubuntu5. 6_lpia.deb Ubuntu libpam-runtime_1.0.1-4ubuntu5.6_all.deb http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.0.1 -4ubuntu5.6_all.deb Ubuntu libpam0g-dev_1.0.1-4ubuntu5.6_lpia.deb http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.0.1-4ubuntu5.6_ lpia.deb Ubuntu libpam0g_1.0.1-4ubuntu5.6_lpia.deb http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.0.1-4ubuntu5.6_lpia .deb Ubuntu Ubuntu Linux 9.04 i386 Ubuntu libpam-cracklib_1.0.1-9ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.0. 1-9ubuntu1.1_i386.deb Ubuntu libpam-doc_1.0.1-9ubuntu1.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.0.1-9ub untu1.1_all.deb Ubuntu libpam-modules_1.0.1-9ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.0.1 -9ubuntu1.1_i386.deb Ubuntu libpam-runtime_1.0.1-9ubuntu1.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.0.1 -9ubuntu1.1_all.deb

参考网址

来源: BID 名称: 36306 链接:http://www.securityfocus.com/bid/36306 来源: launchpad.net 链接:https://launchpad.net/bugs/410171 来源: UBUNTU 名称: USN-828-1 链接:http://www.ubuntulinux.org/support/documentation/usn/usn-828-1 来源: MLIST 名称: [oss-security] 20090908 CVE request - Debian/Ubuntu PAM auth module selection 链接:http://www.openwall.com/lists/oss-security/2009/09/08/7 来源: SECUNIA 名称: 36620 链接:http://secunia.com/advisories/36620 来源: bugs.debian.org 链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多