Oval Definition: oval:com.redhat.rhsa:def:20050805
Revision Date: 2005-10-26
Version: 502
Title: RHSA-2005:805: pam security update (Low)
Description: PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set an authentication policy without having to recompile programs that handle authentication.

A bug was found in the way PAM's unix_chkpwd helper program validates user passwords when SELinux is enabled. Under normal circumstances, it is not possible for a local non-root user to verify the password of another local user with the unix_chkpwd command. A patch applied that adds SELinux functionality makes it possible for a local user to use brute force password guessing techniques against other local user accounts. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2977 to this issue.

All users of pam should upgrade to this updated package, which contains backported patches to correct these issues.
Family: unix
Class: patch
Status:
Reference(s): CVE-2005-2977, RHSA-2005:805-01
Platform(s): Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 4 is installed
  • AND Package Information
      • pam-devel is earlier than 0:0.77-66.13
        AND pam-devel is signed with Red Hat master key
      • OR
      • pam is earlier than 0:0.77-66.13
        AND pam is signed with Red Hat master key