Thursday, July 8, 2010

Ubuntu closes root hole:

Ubuntu closes root hole: A flaw in the module pam_motd (message of the day), which displays the daily
motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights.
Attackers can exploit this vulnerability to gain root access. Ubuntu has already provided a patch for the flaw.
Operators of multi-users systems should install it as soon as possible because directions are already in
circulation via Twitter on how to exploit the flaw to get access rights to the password file /etc/shadow. The file
can then not only be read, but changed. … According to the developers, the problem only occurs on Ubuntu;
other Linux systems are reportedly not affected. Ubuntu has remedied the flaw by taking root rights away
from the module for access to the file (under .cache). [Date: 8 July 2010; Source: