Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2003:017-1: pam Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the pam package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2003:017-1 (pam).


Andreas Beck discovered that the pam_xauth module would forward authorization
information from the root account to unprivileged users. This can be exploited
by a local attacker to gain access to the root user's X session. In order for it
to be successfully exploited, the attacker would have to somehow get the root
user to su to the account belonging to the attacker.
Update:
The previous fix was incorrect because certain applications, such as userdrake
and net_monitor could not be executed as root, although they could be executed
as users who successfully authenticated as root.


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:017-1
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.