Mandrake Linux Security Advisory : pam (MDKSA-2000:029)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

The pam_console module incorrectly identifies remote X logins on
displays other than :0 (for example, :1, :2, etc.) as local displays,
thus giving control of the console to the remote user. Because the
remote user has control of the console, they are able to issue commands
to reboot the remote system after providing their password. Please note
that this vulnerability is only exploitable if the system is running a
graphical login manager such as gdm, kdm, or xdm, XDMCP is enabled, and
remote access is granted. Users are strongly encouraged to upgrade to
this version, which fixes the vulnerability (thanks to Red Hat).

Solution :

Update the affected pam, pam-devel and/or pam-doc packages.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61826

Bugtraq ID:

CVE ID:
