1. CVE-Search
  2. CVE-2010-3316
ID CVE-2010-3316
Summary The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
References
Vulnerable Configurations
  • cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.73:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.74:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.75:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.76:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.76:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.77:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.77:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.78:-:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.78:-:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.78:beta1:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.78:beta1:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.79:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.79:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.80:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.90:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.91:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.92:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*
CVSS
Base: 3.3 (as of 13-02-2023 - 04:23)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2010:0819
  • rhsa
    id RHSA-2010:0891
rpms
  • pam-0:0.99.6.2-6.el5_5.2
  • pam-debuginfo-0:0.99.6.2-6.el5_5.2
  • pam-devel-0:0.99.6.2-6.el5_5.2
  • pam-0:1.1.1-4.el6_0.1
  • pam-debuginfo-0:1.1.1-4.el6_0.1
  • pam-devel-0:1.1.1-4.el6_0.1
refmap via4
bugtraq 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
confirm
gentoo GLSA-201206-31
mandriva MDVSA-2010:220
misc https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663
mlist
  • [oss-security] 20100816 Minor security flaw with pam_xauth
  • [oss-security] 20100921 Re: Minor security flaw with pam_xauth
  • [oss-security] 20100924 Re: Minor security flaw with pam_xauth
  • [oss-security] 20100927 Re: Minor security flaw with pam_xauth
  • [oss-security] 20100928 Re: Minor security flaw with pam_xauth
  • [oss-security] 20101025 Re: Minor security flaw with pam_xauth
  • [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
secunia 49711
vupen ADV-2011-0606
Last major update 13-02-2023 - 04:23
Published 24-01-2011 - 18:00
Last modified 13-02-2023 - 04:23
Back to Top