Lucene search

K
cveRedhatCVE-2010-3853
HistoryJan 24, 2011 - 6:00 p.m.

CVE-2010-3853

2011-01-2418:00:02
redhat
web.nvd.nist.gov
42
cve-2010-3853
linux-pam
pam_namespace
security vulnerability
privilege escalation
nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

Affected configurations

Nvd
Node
linux-pamlinux-pamRange1.1.2
OR
linux-pamlinux-pamMatch0.99.1.0
OR
linux-pamlinux-pamMatch0.99.2.0
OR
linux-pamlinux-pamMatch0.99.2.1
OR
linux-pamlinux-pamMatch0.99.3.0
OR
linux-pamlinux-pamMatch0.99.4.0
OR
linux-pamlinux-pamMatch0.99.5.0
OR
linux-pamlinux-pamMatch0.99.6.0
OR
linux-pamlinux-pamMatch0.99.6.1
OR
linux-pamlinux-pamMatch0.99.6.2
OR
linux-pamlinux-pamMatch0.99.6.3
OR
linux-pamlinux-pamMatch0.99.7.0
OR
linux-pamlinux-pamMatch0.99.7.1
OR
linux-pamlinux-pamMatch0.99.8.0
OR
linux-pamlinux-pamMatch0.99.8.1
OR
linux-pamlinux-pamMatch0.99.9.0
OR
linux-pamlinux-pamMatch0.99.10.0
OR
linux-pamlinux-pamMatch1.0.0
OR
linux-pamlinux-pamMatch1.0.1
OR
linux-pamlinux-pamMatch1.0.2
OR
linux-pamlinux-pamMatch1.0.3
OR
linux-pamlinux-pamMatch1.0.4
OR
linux-pamlinux-pamMatch1.1.0
OR
linux-pamlinux-pamMatch1.1.1
VendorProductVersionCPE
linux-pamlinux-pam*cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.1.0cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.2.0cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.2.1cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.3.0cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.4.0cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.5.0cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.6.0cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.6.1cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
linux-pamlinux-pam0.99.6.2cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 241

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%