Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2005-805: pam


Vulnerability Assessment Details

RHSA-2005-805: pam

Vulnerability Assessment Summary
Check for the version of the pam packages

Detailed Explanation for this Vulnerability Assessment


An updated pam package that fixes a security weakness is now available for
Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

PAM (Pluggable Authentication Modules) is a system security tool that
permits system administrators to set an authentication policy without
having to recompile programs that handle authentication.

A bug was found in the way PAM's unix_chkpwd helper program validates user
passwords when SELinux is enabled. Under normal circumstances, it is not
possible for a local non-root user to verify the password of another local
user with the unix_chkpwd command. A patch applied that adds SELinux
functionality makes it possible for a local user to use brute force
password guessing techniques against other local user accounts. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2005-2977
to
this issue.

All users of pam should upgrade to this updated package, which contains
backported patches to correct these issues.




Solution : http://rhn.redhat.com/errata/RHSA-2005-805.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors

Server RAM 16G 2x 8GB PC3L-10600R ECC REG DDR3L 1333 2Rx4 Memory FIT Dell HP IBM
$45.95
Server RAM 16G 2x 8GB PC3L-10600R ECC REG DDR3L 1333 2Rx4 Memory FIT Dell HP IBM pictureIBM 45D6529 8GB Ddr2 Server Memory HMP31GD7CMP8L-E3V3
$8.0
IBM 45D6529 8GB Ddr2 Server Memory HMP31GD7CMP8L-E3V3 pictureIBM x3650 M3 Intel 12-Core w/ HT 32GB DDR3 2x300GB M5014 RAID 256MB w/ BBU 2xPSU
$179.95
IBM x3650 M3 Intel 12-Core w/ HT 32GB DDR3 2x300GB M5014 RAID 256MB w/ BBU 2xPSU pictureIBM 7945 AC1 x3650 M3 Intel 8-Core 16T 32GB 2x146GB 10K M5014 RAID 256MB BBU 2PS
$124.95
IBM 7945 AC1 x3650 M3 Intel 8-Core 16T 32GB 2x146GB 10K M5014 RAID 256MB BBU 2PS picture


Discussions

No Discussions have been posted on this vulnerability.