⌨ Labor omnia vincit ☮

pam-python: local root escalation (CVE-2019-16729)

Posted in openSUSE, security by anaumov on 30.09.2019

Last week the openSUSE Security Team spent some time to check and review the PAM module from the pam-python project. Main reason for that – to make sure that the source code of the project is secure enough and bug free of course. Badly implemented PAM modules may cause user authentication to always succeed or otherwise badly influence security.
The audit process was done by Malte Kraus. He found the local root exploit in version 1.0.6, which was the last stable one since August 2016. Reaction from the upstream comes immediately: Russell Stuart, who is author of pam-python, released the new official version – 1.0.7.
PAM module from version 1.0.7 is whitelisted by openSUSE Security Team. I rebuild the new packages of pam-python and made it available for all openSUSE users.

2 comments

2 Responses

Subscribe to comments with RSS.

  1. Локальная root-уязвимость в pam-python — AllUNIX.ru — Всероссийский портал о UNIX-системах said, on 01.10.2019 at 07:17

    […] подключать модули аутентификации на языке Python, выявлена уязвимость (CVE-2019-16729), дающая возможность повысить […]

    Reply
  2. Links 1/10/2019: Linux 5.4 RC1, WordPress 5.3 Beta 2, 4MLinux 31.0 Beta, LFS 9.0 | Techrights said, on 01.10.2019 at 12:36

    […] pam-python: local root escalation (CVE-2019-16729) […]

    Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.