Ubuntu closes root hole

Post by linuxviolin »

How idiotic do you have to be to have such a root exploit in Ubuntu? http://www.h-online.com/open/news/item/ ... 34618.html (8 July 2010)
A flaw in the module pam_motd (message of the day), which displays the daily motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights. Attackers can exploit this vulnerability to gain root access. Ubuntu has already provided a patch for the flaw. Operators of multi-user systems should install it as soon as possible because directions are already in circulation via Twitter on how to exploit the flaw to get access rights to the password file /etc/shadow. The file can then not only be read, but changed.

The problem is the result of the excessively high access rights with which pam_motd stores or modifies the file motd.legal-notice in the user's local cache directory after login. That file is designed to show whether the legal notice was displayed, but the module performs that function with root rights. With a symlink from the cache to the password file, the owner can be changed with a new login.

According to the developers, the problem only occurs on Ubuntu; other Linux systems are reportedly not affected. Ubuntu has remedied the flaw by taking root rights away from the module for access to the file motd.legal-notice (under .cache).
Fortunately, Ubuntu closed this root hole but... :roll: There is talk of possibly switching the base to Debian, right? A good idea I guess... :!: :idea:
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)

Re: Ubuntu closes root hole

Post by libssd »

linuxviolin wrote: According to the developers, the problem only occurs on Ubuntu; other Linux systems are reportedly not affected. Ubuntu has remedied the flaw by taking root rights away from the module for access to the file motd.legal-notice (under .cache).
This doesn't sound right, as MOTD is enabled by default in Mint, but not in Ubuntu. I found it extremely annoying to get a stupid fortune cookie message every time I opened terminal in Mint.

Re: Ubuntu closes root hole

Post by linuxviolin »

libssd wrote: This doesn't sound right, as MOTD is enabled by default in Mint, but not in Ubuntu.
Well, you can be surprised but the problem was there. Read the 3 links in the article... e.g. from the first link, https://lists.ubuntu.com/archives/ubunt ... 01117.html
[USN-959-1] PAM vulnerability

Ubuntu Security Notice USN-959-1 July 07, 2010
pam vulnerability
CVE-2010-0832
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
libpam-modules 1.1.0-2ubuntu1.1

Ubuntu 10.04 LTS:
libpam-modules 1.1.1-2ubuntu5

In general, a standard system update will make all the necessary changes.

Details follow:

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
not correctly handle path permissions when creating user file stamps.
A local attacker could exploit this to gain root privileges.
Or the third, http://bazaar.launchpad.net/~ubuntu-bra ... evision/58:
* SECURITY UPDATE: root privilege escalation via symlink following.
- debian/patches-applied/pam_motd-legal-notice: drop privs for work.
- CVE-2010-0832

Re: Ubuntu closes root hole

Post by Bill Gates »

"I think a better name for PAM might be SCAM, for Swiss Cheese Authentication
Modules, and have never felt that the small amount of convenience it provides
is worth the great loss of system security." -- Patrick Volkerding
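
An added example, not part of the original thread and not the Ubuntu patch (which, per the changelog quoted above, dropped privileges for this work): a complementary defense in C for the same pattern, where a privileged process creates a stamp file in a user-controlled directory. The function names and the temp-dir layout are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create or touch a stamp file inside dirfd and hand it to owner:group,
 * refusing symlinks and hard links. Returns 0, or -1 with errno set. */
int touch_stamp_nofollow(int dirfd, const char *name, uid_t owner, gid_t group)
{
    struct stat st;
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                       /* ELOOP on Linux when name is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;                   /* not a plain, singly linked file */
        return -1;
    }
    /* fchown works on the inode we opened, not on a path that can be swapped. */
    int rc = fchown(fd, owner, group);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed self-check in a temp dir: returns 1 when a symlinked stamp name
 * is refused with ELOOP and a plain stamp name is created normally. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/stampdemoXXXXXX";
    if (!mkdtemp(dir)) return 0;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return 0;
    int t = openat(dfd, "target", O_WRONLY | O_CREAT, 0600);  /* stand-in for a sensitive file */
    if (t >= 0) close(t);
    int linked = symlinkat("target", dfd, "stamp-link") == 0;
    int refused = touch_stamp_nofollow(dfd, "stamp-link", geteuid(), getegid()) == -1 && errno == ELOOP;
    int created = touch_stamp_nofollow(dfd, "stamp-ok", geteuid(), getegid()) == 0;
    unlinkat(dfd, "stamp-link", 0); unlinkat(dfd, "stamp-ok", 0); unlinkat(dfd, "target", 0);
    close(dfd);
    rmdir(dir);
    return linked && refused && created;
}

int main(void) { puts(demo_symlink_refused() ? "symlink refused" : "check failed"); return 0; }
```

The directory descriptor should itself be opened with O_DIRECTORY | O_NOFOLLOW, as the self-check does, so that a symlinked cache directory is rejected as well.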