10 matches found
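RSBAC User Management Module Crypto API Authentication Bypass Vulnerability
BUGTRAQ ID: 25001 RSBAC is an open-source access control framework for the Linux kernel. The RSBAC implementation contains an access authentication vulnerability that a remote attacker may be able to exploit to bypass access authentication. Certain RSBAC user management modules (such as rsbacauth, pamsbac.so and pamlogin) do not use the Linux kernel Crypto API correctly, so an attacker can bypass authentication by not submitting a password at login and gain unauthorized access. RSBAC RSBAC 1.3.4 RSBAC RSBAC 1.3.3 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://bugtracker.rsbac.org/bugviewpage.php?bugid=97...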
CVE-2007-3945
Rule Set Based Access Control RSBAC before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...
Authentication flaw
Rule Set Based Access Control RSBAC before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...
CVE-2007-3945
Rule Set Based Access Control RSBAC before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...
CVE-2007-3945
CVE-2007-3945 affects Rule Set Based Access Control (RSBAC) versions prior to 1.3.5. The issue stems from improper use of the Linux Kernel Crypto API for Linux kernel 2.6.x, which could allow context-dependent attackers to bypass authentication controls via unspecified vectors (e.g., potential is...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:182)
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Stephane Eranian discovered an issue with perfmon2.0 where, under certain circumstances, the perfmonctl system call may not correctly manage the file descriptor reference count, resulting in the system possibly...
CVE-2004-0667
Rule Set Based Access Control RSBAC 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges...
CVE-2004-0667
RSBAC 1.2.2–1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, enabling local users to gain elevated privileges. The affected component is the system-call access control in RSBAC; root cause is unsafe exposure of these syscalls within jailed environments. Documented impact i...
rsbac protection bypass
suid files can be created from jailed processes...
rsbac 1.2.3 jail security problems
Amon Ott has released a security bugfix for RSBAC 1.2.3. The problem was discovered regarding the RSBAC JAIL implementation. Please read the attached original release note if interested. The bugfix is available for download at http://www.rsbac.org/download/bugfixes/ For beginners, RSBAC is:...