ID CVE-2010-4707
Summary The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
References
Vulnerable Configurations
  • cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 03-01-2019 - 15:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:N/A:N
redhat via4
advisories
bugzilla
id 643043
title CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment pam is earlier than 0:0.99.6.2-6.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100819001
        • comment pam is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070555002
      • AND
        • comment pam-devel is earlier than 0:0.99.6.2-6.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100819003
        • comment pam-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070555004
rhsa
id RHSA-2010:0819
released 2010-11-01
severity Moderate
title RHSA-2010:0819: pam security update (Moderate)
rpms
  • pam-0:0.99.6.2-6.el5_5.2
  • pam-debuginfo-0:0.99.6.2-6.el5_5.2
  • pam-devel-0:0.99.6.2-6.el5_5.2
  • pam-0:1.1.1-4.el6_0.1
  • pam-debuginfo-0:1.1.1-4.el6_0.1
  • pam-devel-0:1.1.1-4.el6_0.1
refmap via4
bid 46045
confirm http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9
gentoo GLSA-201206-31
mlist [oss-security] 20101004 Re: Minor security flaw with pam_xauth
secunia 49711
xf linuxpam-checkacl-dos(65036)
Last major update 03-01-2019 - 15:01
Published 24-01-2011 - 19:00
Last modified 03-01-2019 - 15:01