Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.

Summary
Title : lspp-eal4-config-ibm and capp-lspp-eal4-config-hp security update

Information
Name : RHSA-2008:0193
Vendor : Red Hat
Severity (Vendor) : Important
First vendor Publication : 2008-04-01
Last vendor Modification : 2008-04-01
Revision : 02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 6.9
Cvss Impact Score : 10
Cvss Exploit Score : 3.4
Attack Range : Local
Attack Complexity : Medium
Authentication : None Required

Detail

Problem Description:

Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Description:

The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain utilities and documentation for configuring a machine for the Controlled Access Protection Profile, or the Labeled Security Protection Profile.

It was discovered that use of the "capp-lspp-config" script results in the "/etc/pam.d/system-auth" file being set to world-writable. Authorized local users who have limited privileges could then exploit this to gain additional access, or to escalate their privileges. (CVE-2008-0884)

This issue only affects users who have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script.

New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp packages are advised to upgrade to these updated packages, which resolve this issue.

For systems already deployed, the following command can be run as root to restore the permissions to a secure setting:

chmod 0644 /etc/pam.d/system-auth
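
An audit check to pair with the remediation above, as an added example that is not part of the Red Hat advisory; the function names are illustrative. It follows symlinks on the assumption (suggested by the bug title, which names system-auth-ac) that system-auth is a symlink, so the mode that matters is the target's.

```shell
#!/bin/sh
# Added example (not from the advisory): detect the world-writable PAM file
# condition described for CVE-2008-0884. Function names are hypothetical.

# world_writable FILE
# Succeeds if FILE, after following symlinks, is a regular file with the
# "other write" bit (0002) set. -prune keeps find from descending, so only
# the named path itself is examined.
world_writable() {
    [ -n "$(find -L "$1" -prune -type f -perm -0002 2>/dev/null)" ]
}

# audit_pam_dir DIR
# Prints every entry in DIR whose effective file is world-writable.
# Returns 1 if at least one was found, 0 if the directory is clean.
audit_pam_dir() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # skip an unmatched glob or dangling link
        if world_writable "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# When a directory is given on the command line, audit it and let the
# exit status report the result (non-zero means a finding).
if [ $# -gt 0 ]; then
    audit_pam_dir "$1"
fi
```

Run it with /etc/pam.d as the argument; any path it prints should be reset with the chmod command above and the file contents reviewed for changes made while it was writable.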

3. Solution:

This update is available via the Red Hat FTP site.

ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/IBM/RPMS/lspp-eal4-config-ibm-0.65-2.el5.noarch.rpm
ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/HP/RPMS/capp-lspp-eal4-config-hp-0.65-2.el5.noarch.rpm

4. Bugs fixed (http://bugzilla.redhat.com/):

435442 - CVE-2008-0884 system-auth-ac is world-writable

5. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0884
http://www.redhat.com/security/updates/classification/#important

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2008-0193.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
44017 Red Hat lspp-eal4-config-* /etc/pam.d/system-auth Local Privilege Escalation