ID CVE-2010-3853
Summary pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
References
Vulnerable Configurations
  • cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 03-01-2019 - 15:01)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2010:0819
  • rhsa
    id RHSA-2010:0891
rpms
  • pam-0:0.99.6.2-6.el5_5.2
  • pam-debuginfo-0:0.99.6.2-6.el5_5.2
  • pam-devel-0:0.99.6.2-6.el5_5.2
  • pam-0:1.1.1-4.el6_0.1
  • pam-debuginfo-0:1.1.1-4.el6_0.1
  • pam-devel-0:1.1.1-4.el6_0.1
refmap via4
bugtraq 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
confirm
gentoo GLSA-201206-31
mandriva MDVSA-2010:220
mlist [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
secunia 49711
vupen ADV-2011-0606
Last major update 03-01-2019 - 15:01
Published 24-01-2011 - 18:00
Last modified 03-01-2019 - 15:01
Back to Top