The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NSA SELinux

vulnerability alert CVE-2005-2977

PAM, SELinux: brute force attack with unix_chkpwd

Synthesis of the vulnerability

A local attacker can use unix_chkpwd to conduct a brute force attack on user passwords.
Impacted products: Fedora, SELinux, RHEL, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user shell.
Creation date: 27/10/2005.
Identifiers: 168180, BID-15217, CVE-2005-2977, FEDORA-2005-1030, FEDORA-2005-1031, RHSA-2005:805, RHSA-2005:805-01, VIGILANCE-VUL-5311.

Description of the vulnerability

The unix_chkpwd program checks a user's password. It is not designed to be called directly, and it prevents a local attacker from checking another user's password.

The SELinux patch secures the system. However, when this patch is installed, a local attacker can use unix_chkpwd to check another user's password.

This vulnerability therefore permits an attacker to use a brute force attack on passwords stored in /etc/shadow.

computer vulnerability announcement CVE-2004-1069

Linux kernel: denial of service via unix_dgram_sendmsg

Synthesis of the vulnerability

A local attacker can use AF_UNIX sockets to halt the system.
Impacted products: Linux, Mandriva Linux, SELinux.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 29/12/2004.
Identifiers: BID-11939, CVE-2004-1069, MDKSA-2005:022, V6-LINUXAFUNIXDOS, VIGILANCE-VUL-4597.

Description of the vulnerability

PF_UNIX sockets allow two local processes to communicate. They can be of type SOCK_STREAM or SOCK_DGRAM (for internet/PF_INET sockets, SOCK_STREAM corresponds to TCP and SOCK_DGRAM to UDP).

The kernel function unix_dgram_sendmsg() is responsible for sending messages on PF_UNIX sockets of type SOCK_DGRAM.

However, when the kernel is compiled with the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options, this function hangs the kernel.

An attacker can therefore cause a denial of service.