ID CVE-2007-1716
Summary pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 4.4
    cpe:2.3:o:redhat:enterprise_linux:4.4
CVSS
Base: 3.4 (as of 29-03-2007 - 13:15)
Impact:
Exploitability:
Access
  Vector: LOCAL
  Complexity: HIGH
  Authentication: MULTIPLE_INSTANCES
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-23 (VMware Workstation and Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that the DHCP server contains an integer overflow vulnerability (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and another error when handling malformed packets (CVE-2007-0061), leading to stack-based buffer overflows or stack corruption. Rafal Wojtczvk (McAfee) discovered two unspecified errors that allow authenticated users with administrative or login privileges on a guest operating system to corrupt memory or cause a Denial of Service (CVE-2007-4496, CVE-2007-4497). Another unspecified vulnerability related to untrusted virtual machine images was discovered (CVE-2007-5617). VMware products also shipped code copies of software with several vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813, CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146). Impact : Remote attackers within a guest system could possibly exploit these vulnerabilities to execute code on the host system with elevated privileges or to cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 28262
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28262
    title GLSA-200711-23 : VMware Workstation and Player: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071109_PAM_ON_SL5.NASL
    description Problem description : A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. (CVE-2007-1716) A flaw was found in the way the PAM library wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) As well, these updated packages fix the following bugs : - truncated MD5-hashed passwords in '/etc/shadow' were treated as valid, resulting in insecure and invalid passwords. - the pam_namespace module did not convert context names to raw format and did not unmount polyinstantiated directories in some cases. It also crashed when an unknown user name was used in '/etc/security/namespace.conf', the pam_namespace configuration file. - the pam_selinux module was not relabeling the controlling tty correctly, and in some cases it did not send complete information about user role and level change to the audit subsystem. These updated packages add the following enhancements : - pam_limits module now supports parsing additional config files placed into the /etc/security/limits.d/ directory. These files are read after the main configuration file. - the modules pam_limits, pam_access, and pam_time now send a message to the audit subsystem when a user is denied access based on the number of login sessions, origin of user, and time of login. - pam_unix module security properties were improved. Functionality in the setuid helper binary, unix_chkpwd, which was not required for user authentication, was moved to a new non-setuid helper binary, unix_update.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60297
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60297
    title Scientific Linux Security Update : pam on SL5.x
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0737.NASL
    description Updated pam packages that fix two security flaws, resolve two bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. (CVE-2007-1716) A flaw was found in the way the PAM library wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) As well, these updated packages fix the following bugs : * the pam_xauth module, which is used for copying the X11 authentication cookie, did not reset the 'XAUTHORITY' variable in certain circumstances, causing unnecessary delays when using su command. * when calculating password similarity, pam_cracklib disregarded changes to the last character in passwords when 'difok=x' (where 'x' is the number of characters required to change) was configured in '/etc/pam.d/system-auth'. This resulted in password changes that should have been successful to fail with the following error : BAD PASSWORD: is too similar to the old one This issue has been resolved in these updated packages. * the pam_limits module, which provides setting up system resources limits for user sessions, reset the nice priority of the user session to '0' if it was not configured otherwise in the '/etc/security/limits.conf' configuration file. 
These updated packages add the following enhancement : * a new PAM module, pam_tally2, which allows accounts to be locked after a maximum number of failed log in attempts. All users of PAM should upgrade to these updated packages, which resolve these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28239
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28239
    title RHEL 4 : pam (RHSA-2007:0737)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0465.NASL
    description Updated pam packages that resolve several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. A flaw was found in the way the Linux kernel handled certain SG_IO commands. Console users with access to certain device files had the ability to damage recordable CD drives. The way pam_console handled permissions of these files has been modified to disallow access. This change also required modifications to the cdrecord application. (CVE-2004-0813) A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user. (CVE-2007-1716) The pam_unix module provides authentication against standard /etc/passwd and /etc/shadow files. The pam_stack module provides support for stacking PAM configuration files. Both of these modules contained small memory leaks which caused problems in applications calling PAM authentication repeatedly in the same process. All users of PAM should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25480
    published 2007-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25480
    title RHEL 3 : pam (RHSA-2007:0465)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2007-0006.NASL
    description Problems addressed by these patches : I Arbitrary code execution and denial of service vulnerabilities This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. (CVE-2007-4496) This release fixes a denial of service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or exit unexpectedly. (CVE-2007-4497) Thanks to Rafal Wojtczvk of McAfee for identifying and reporting these issues. II Hosted products DHCP security vulnerabilities addressed This release fixes several vulnerabilities in the DHCP server that could enable specially crafted packets to gain system-level privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities. III Windows based hosted product vulnerability in IntraProcessLogging.dll and vielib.dll. This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system. (CVE-2007-4059) This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system. (CVE-2007-4155) Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities. IV Escalation of privileges on Windows hosted systems This release fixes a security vulnerability in which Workstation was starting registered Windows services in an insecure manner. This vulnerability could allow a malicious user to escalate user privileges. Thanks to Foundstone for discovering this vulnerability. V Potential denial of service using VMware Player This release fixes a problem that prevented VMware Player from launching.
This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. VI ESX Service Console updates a. Service console package Samba, has been updated to address the following issues : Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446) Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated, user could have triggered this flaw and executed arbitrary code on the server. Additionally, this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default username map script option. (CVE-2007-2447) Thanks to the Samba developers, TippingPoint, and iDefense for identifying and reporting these issues. Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 b. Updated bind package for the service console fixes a flaw with the way ISC BIND processed certain DNS query responses. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Under some circumstances, a malicious remote user could launch a Denial-of-Service attack on ESX Server hosts that had enabled DNSSEC validation. (CVE-2007-0494) Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 c. This patch provides updated service console package krb5 update. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798 to these security issues. Thanks to Wei Wang of McAfee Avert Labs for discovering these vulnerabilities. Note: The VMware service console does not provide the kadmind binary, and is not affected by these issues, but an update has been provided for completeness. d. Service console update for vixie-cron This patch provides an updated service console package vixie-cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A denial of service issue was found in the way vixie-cron verified crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could potentially prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) Thanks to Raphael Marichez for identifying this issue. e. Service console update for shadow-utils This patch provides an updated shadow-utils package. A new user's mailbox, when created, could have random permissions for a short period. This could enable a local malicious user to read or modify the mailbox. (CVE-2006-1174) f. Service console update for OpenLDAP This patch provides an updated OpenLDAP package. A flaw could allow users with selfwrite access to modify the distinguished name of any user, instead of being limited to modify only their own distinguished name. (CVE-2006-4600) g. Service console update for PAM This patch provides an updated PAM package. A vulnerability was found that could allow console users with access to certain device files to cause damage to recordable CD drives. Certain file permissions have now been modified to disallow access. (CVE-2004-0813) A flaw was found with console device permissions. It was possible for various console devices to retain ownership of the previous console user after logging out, which could result in leakage of information to an unauthorized user. (CVE-2007-1716) h.
Service console update for GCC This patch provides security fixes for the service console GNU Compiler Collection (GCC) packages that include C, C++, Java, Fortran 77, Objective C, and Ada 95 GNU compilers and related support libraries. A flaw was found in the fastjar utility that could potentially allow a malicious user to create a JAR file which, if unpacked using fastjar, could write to any file that an authorized user had write access to. (CVE-2006-3619) Thanks to Jürgen Weigert for identifying this issue. i. Service Console update for GDB This patch provides a security fix for the service console GNU debugger (GDB). Various vulnerabilities were found in GDB. These vulnerabilities may allow a malicious user to deceive a user into loading debugging information into GDB, enabling the execution of arbitrary code with the privileges of the user. (CVE-2006-4146)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40370
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40370
    title VMSA-2007-0006 : Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0555.NASL
    description Updated pam packages that fix two security flaws, resolve several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. (CVE-2007-1716) A flaw was found in the way the PAM library wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) As well, these updated packages fix the following bugs : * truncated MD5-hashed passwords in '/etc/shadow' were treated as valid, resulting in insecure and invalid passwords. * the pam_namespace module did not convert context names to raw format and did not unmount polyinstantiated directories in some cases. It also crashed when an unknown user name was used in '/etc/security/namespace.conf', the pam_namespace configuration file. * the pam_selinux module was not relabeling the controlling tty correctly, and in some cases it did not send complete information about user role and level change to the audit subsystem. These updated packages add the following enhancements : * pam_limits module now supports parsing additional config files placed into the /etc/security/limits.d/ directory. These files are read after the main configuration file. * the modules pam_limits, pam_access, and pam_time now send a message to the audit subsystem when a user is denied access based on the number of login sessions, origin of user, and time of login. 
* pam_unix module security properties were improved. Functionality in the setuid helper binary, unix_chkpwd, which was not required for user authentication, was moved to a new non-setuid helper binary, unix_update. All users of PAM should upgrade to these updated packages, which resolve these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27831
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27831
    title RHEL 5 : pam (RHSA-2007:0555)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0465.NASL
    description From Red Hat Security Advisory 2007:0465 : Updated pam packages that resolve several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. A flaw was found in the way the Linux kernel handled certain SG_IO commands. Console users with access to certain device files had the ability to damage recordable CD drives. The way pam_console handled permissions of these files has been modified to disallow access. This change also required modifications to the cdrecord application. (CVE-2004-0813) A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user. (CVE-2007-1716) The pam_unix module provides authentication against standard /etc/passwd and /etc/shadow files. The pam_stack module provides support for stacking PAM configuration files. Both of these modules contained small memory leaks which caused problems in applications calling PAM authentication repeatedly in the same process. All users of PAM should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67517
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67517
    title Oracle Linux 3 : pam (ELSA-2007-0465)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0737.NASL
    description Updated pam packages that fix two security flaws, resolve two bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. (CVE-2007-1716) A flaw was found in the way the PAM library wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) As well, these updated packages fix the following bugs : * the pam_xauth module, which is used for copying the X11 authentication cookie, did not reset the 'XAUTHORITY' variable in certain circumstances, causing unnecessary delays when using su command. * when calculating password similarity, pam_cracklib disregarded changes to the last character in passwords when 'difok=x' (where 'x' is the number of characters required to change) was configured in '/etc/pam.d/system-auth'. This resulted in password changes that should have been successful to fail with the following error : BAD PASSWORD: is too similar to the old one This issue has been resolved in these updated packages. * the pam_limits module, which provides setting up system resources limits for user sessions, reset the nice priority of the user session to '0' if it was not configured otherwise in the '/etc/security/limits.conf' configuration file. 
These updated packages add the following enhancement : * a new PAM module, pam_tally2, which allows accounts to be locked after a maximum number of failed log in attempts. All users of PAM should upgrade to these updated packages, which resolve these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67055
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67055
    title CentOS 4 : pam (CESA-2007:0737)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071115_PAM_ON_SL4_X.NASL
    description A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. (CVE-2007-1716) A flaw was found in the way the PAM library wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) As well, these updated packages fix the following bugs : - the pam_xauth module, which is used for copying the X11 authentication cookie, did not reset the 'XAUTHORITY' variable in certain circumstances, causing unnecessary delays when using su command. - when calculating password similarity, pam_cracklib disregarded changes to the last character in passwords when 'difok=x' (where 'x' is the number of characters required to change) was configured in '/etc/pam.d/system-auth'. This resulted in password changes that should have been successful to fail with the following error : BAD PASSWORD: is too similar to the old one This issue has been resolved in these updated packages. - the pam_limits module, which provides setting up system resources limits for user sessions, reset the nice priority of the user session to '0' if it was not configured otherwise in the '/etc/security/limits.conf' configuration file. These updated packages add the following enhancement : - a new PAM module, pam_tally2, which allows accounts to be locked after a maximum number of failed log in attempts.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60308
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60308
    title Scientific Linux Security Update : pam on SL4.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070611_PAM_ON_SL3.NASL
    description A flaw was found in the way the Linux kernel handled certain SG_IO commands. Console users with access to certain device files had the ability to damage recordable CD drives. The way pam_console handled permissions of these files has been modified to disallow access. This change also required modifications to the cdrecord application. (CVE-2004-0813) A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user. (CVE-2007-1716) The pam_unix module provides authentication against standard /etc/passwd and /etc/shadow files. The pam_stack module provides support for stacking PAM configuration files. Both of these modules contained small memory leaks which caused problems in applications calling PAM authentication repeatedly in the same process.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60202
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60202
    title Scientific Linux Security Update : pam on SL3.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0465.NASL
    description Updated pam packages that resolve several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. A flaw was found in the way the Linux kernel handled certain SG_IO commands. Console users with access to certain device files had the ability to damage recordable CD drives. The way pam_console handled permissions of these files has been modified to disallow access. This change also required modifications to the cdrecord application. (CVE-2004-0813) A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user. (CVE-2007-1716) The pam_unix module provides authentication against standard /etc/passwd and /etc/shadow files. The pam_stack module provides support for stacking PAM configuration files. Both of these modules contained small memory leaks which caused problems in applications calling PAM authentication repeatedly in the same process. All users of PAM should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25499
    published 2007-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25499
    title CentOS 3 : pam (CESA-2007:0465)
oval via4
accepted 2013-04-29T04:14:21.777-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
family unix
id oval:org.mitre.oval:def:11483
status accepted
submitted 2010-07-09T03:56:16-04:00
title pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
version 25
redhat via4
advisories
  • bugzilla
    id 234142
    title CVE-2007-1716 Ownership of devices not returned to root after logout from console
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment pam is earlier than 0:0.75-72
          oval oval:com.redhat.rhsa:tst:20070465002
        • comment pam is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070465003
      • AND
        • comment pam-devel is earlier than 0:0.75-72
          oval oval:com.redhat.rhsa:tst:20070465004
        • comment pam-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070465005
      • AND
        • comment cdrecord is earlier than 8:2.01.0.a32-0.EL3.6
          oval oval:com.redhat.rhsa:tst:20070465010
        • comment cdrecord is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070465011
      • AND
        • comment cdrecord-devel is earlier than 8:2.01.0.a32-0.EL3.6
          oval oval:com.redhat.rhsa:tst:20070465008
        • comment cdrecord-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070465009
      • AND
        • comment mkisofs is earlier than 8:2.01.0.a32-0.EL3.6
          oval oval:com.redhat.rhsa:tst:20070465006
        • comment mkisofs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070465007
    rhsa
    id RHSA-2007:0465
    released 2007-06-07
    severity Moderate
    title RHSA-2007:0465: pam security and bug fix update (Moderate)
  • rhsa
    id RHSA-2007:0555
  • rhsa
    id RHSA-2007:0737
rpms
  • pam-0:0.75-72
  • pam-devel-0:0.75-72
  • cdrecord-8:2.01.0.a32-0.EL3.6
  • cdrecord-devel-8:2.01.0.a32-0.EL3.6
  • mkisofs-8:2.01.0.a32-0.EL3.6
  • pam-0:0.99.6.2-3.26.el5
  • pam-devel-0:0.99.6.2-3.26.el5
  • pam-0:0.77-66.23
  • pam-devel-0:0.77-66.23
refmap via4
confirm
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo GLSA-200711-23
osvdb 37271
secunia
  • 25631
  • 25894
  • 26909
  • 27590
  • 27706
  • 28319
sgi 20070602-01-P
vupen ADV-2007-3229
statements via4
contributor Joshua Bressers
lastmodified 2007-04-09
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 07-03-2011 - 21:52
Published 27-03-2007 - 18:19
Last modified 10-10-2017 - 21:31