ID CVE-2010-3853
Summary pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
Vulnerable Configurations
  • Linux-PAM 0.99.1.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.1.0
  • Linux-PAM 0.99.2.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.2.0
  • Linux-PAM 0.99.2.1
    cpe:2.3:a:linux-pam:linux-pam:0.99.2.1
  • Linux-PAM 0.99.3.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.3.0
  • Linux-PAM 0.99.4.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.4.0
  • Linux-PAM 0.99.5.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.5.0
  • Linux-PAM 0.99.6.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.0
  • Linux-PAM 0.99.6.1
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.1
  • Linux-PAM 0.99.6.2
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.2
  • Linux-PAM 0.99.6.3
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.3
  • Linux-PAM 0.99.7.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.7.0
  • Linux-PAM 0.99.7.1
    cpe:2.3:a:linux-pam:linux-pam:0.99.7.1
  • Linux-PAM 0.99.8.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.8.0
  • Linux-PAM 0.99.8.1
    cpe:2.3:a:linux-pam:linux-pam:0.99.8.1
  • Linux-PAM 0.99.9.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.9.0
  • Linux-PAM 0.99.10.0
    cpe:2.3:a:linux-pam:linux-pam:0.99.10.0
  • Linux-PAM 1.0.0
    cpe:2.3:a:linux-pam:linux-pam:1.0.0
  • Linux-PAM 1.0.1
    cpe:2.3:a:linux-pam:linux-pam:1.0.1
  • Linux-PAM 1.0.2
    cpe:2.3:a:linux-pam:linux-pam:1.0.2
  • Linux-PAM 1.0.3
    cpe:2.3:a:linux-pam:linux-pam:1.0.3
  • Linux-PAM 1.0.4
    cpe:2.3:a:linux-pam:linux-pam:1.0.4
  • Linux-PAM 1.1.0
    cpe:2.3:a:linux-pam:linux-pam:1.1.0
  • Linux-PAM 1.1.1
    cpe:2.3:a:linux-pam:linux-pam:1.1.1
  • Linux-PAM 1.1.2
    cpe:2.3:a:linux-pam:linux-pam:1.1.2
CVSS
Base: 6.9 (as of 25-01-2011 - 09:36)
Access
  • Vector LOCAL
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0004_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries : - bind - pam - popt - rpm - rpm-libs - rpm-python - Service Location Protocol daemon (SLPD)
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89675
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89675
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0004.NASL
    description a. Service Location Protocol daemon DoS This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. VMware would like to thank Nicolas Gregoire and US CERT for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-3609 to this issue. b. Service Console update for bind This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3613, CVE-2010-3614, and CVE-2010-3762 to these issues. c. Service Console update for pam This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3316, CVE-2010-3435, and CVE-2010-3853 to these issues. d. Service Console update for rpm, rpm-libs, rpm-python, and popt This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which resolves a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2059 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 52582
    published 2011-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52582
    title VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm.
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1140-1.NASL
    description Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887) It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435) It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853) It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706) It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55102
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55102
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam vulnerabilities (USN-1140-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101116_PAM_ON_SL6_X.NASL
    description It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_env and pam_mail modules used root privileges while accessing user's files. A local, unprivileged user could use this flaw to obtain information, from the lines that have the KEY=VALUE format expected by pam_env, from an arbitrary file. Also, in certain configurations, a local, unprivileged user using a service for which the pam_mail module was configured for, could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) Note: As part of the fix for CVE-2010-3435, this update changes the default value of pam_env's configuration option user_readenv to 0, causing the module to not read user's ~/.pam_environment configuration file by default, as reading it may introduce unexpected changes to the environment of the service using PAM, or PAM modules consulted after pam_env. It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60901
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60901
    title Scientific Linux Security Update : pam on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0891.NASL
    description Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_env and pam_mail modules used root privileges while accessing user's files. A local, unprivileged user could use this flaw to obtain information, from the lines that have the KEY=VALUE format expected by pam_env, from an arbitrary file. Also, in certain configurations, a local, unprivileged user using a service for which the pam_mail module was configured for, could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) Note: As part of the fix for CVE-2010-3435, this update changes the default value of pam_env's configuration option user_readenv to 0, causing the module to not read user's ~/.pam_environment configuration file by default, as reading it may introduce unexpected changes to the environment of the service using PAM, or PAM modules consulted after pam_env. It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue. All pam users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50644
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50644
    title RHEL 6 : pam (RHSA-2010:0891)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0819.NASL
    description Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue. All pam users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 50804
    published 2010-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50804
    title CentOS 5 : pam (CESA-2010:0819)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0819.NASL
    description Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue. All pam users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50447
    published 2010-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50447
    title RHEL 5 : pam (RHSA-2010:0819)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1140-2.NASL
    description USN-1140-1 fixed vulnerabilities in PAM. A regression was found that caused cron to stop working with a 'Module is unknown' error. As a result, systems configured with automatic updates will not receive updates until cron is restarted, these updates are installed or the system is rebooted. This update fixes the problem. We apologize for the inconvenience. Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887) It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435) It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853) It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706) It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55103
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55103
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam regression (USN-1140-2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-17112.NASL
    description This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50486
    published 2010-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50486
    title Fedora 13 : pam-1.1.1-6.fc13 (2010-17112)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-220.NASL
    description Multiple vulnerabilities were discovered and corrected in pam : The pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file (CVE-2010-3316). The pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to (CVE-2010-3435). The pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges (CVE-2010-3853). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 50472
    published 2010-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50472
    title Mandriva Linux Security Advisory : pam (MDVSA-2010:220)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-31.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-31 (Linux-PAM: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Linux-PAM. Please review the CVE identifiers referenced below for details. Impact : A local attacker could use specially crafted files to cause a buffer overflow, possibly resulting in privilege escalation or Denial of Service. Furthermore, a local attacker could execute specially crafted programs or symlink attacks, possibly resulting in data loss or disclosure of sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59704
    published 2012-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59704
    title GLSA-201206-31 : Linux-PAM: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-17155.NASL
    description This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50508
    published 2010-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50508
    title Fedora 14 : pam-1.1.1-6.fc14 (2010-17155)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0891.NASL
    description From Red Hat Security Advisory 2010:0891 : Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_env and pam_mail modules used root privileges while accessing user's files. A local, unprivileged user could use this flaw to obtain information, from the lines that have the KEY=VALUE format expected by pam_env, from an arbitrary file. Also, in certain configurations, a local, unprivileged user using a service for which the pam_mail module was configured for, could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) Note: As part of the fix for CVE-2010-3435, this update changes the default value of pam_env's configuration option user_readenv to 0, causing the module to not read user's ~/.pam_environment configuration file by default, as reading it may introduce unexpected changes to the environment of the service using PAM, or PAM modules consulted after pam_env. It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue. All pam users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68144
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68144
    title Oracle Linux 6 : pam (ELSA-2010-0891)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101101_PAM_ON_SL5_X.NASL
    description It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60882
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60882
    title Scientific Linux Security Update : pam on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-17133.NASL
    description This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50626
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50626
    title Fedora 12 : pam-1.1.1-6.fc12 (2010-17133)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0819.NASL
    description From Red Hat Security Advisory 2010:0819 : Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue. All pam users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68132
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68132
    title Oracle Linux 5 : pam (ELSA-2010-0819)
redhat via4
advisories
  • rhsa
    id RHSA-2010:0819
  • rhsa
    id RHSA-2010:0891
rpms
  • pam-0:0.99.6.2-6.el5_5.2
  • pam-devel-0:0.99.6.2-6.el5_5.2
  • pam-0:1.1.1-4.el6_0.1
  • pam-devel-0:1.1.1-4.el6_0.1
refmap via4
bugtraq 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
gentoo GLSA-201206-31
mandriva MDVSA-2010:220
mlist [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
secunia 49711
vupen ADV-2011-0606
Last major update 23-07-2012 - 23:22
Published 24-01-2011 - 13:00
Last modified 03-01-2019 - 10:01