{"id": "ORACLELINUX_ELSA-2010-0819.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 5 : pam (ELSA-2010-0819)", "description": "From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2013-07-12T00:00:00", "modified": "2018-07-18T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68132", "reporter": "Tenable", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html"], "cvelist": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "type": "nessus", "lastseen": "2019-02-21T01:19:28", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:pam", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:pam-devel"], "cvelist": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "6b2e00c8f61a805756ef3e425fd91f30726e86a41b5c1f1b8249ceda76e0200a", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "324846fd6cf2905d50a87f6c0cb3eb56", "key": "references"}, {"hash": "460c04d8bb70a18eab6d2cdadd5f4147", "key": "cpe"}, {"hash": "a2e7bf4f5c22864c916efcca619a6008", "key": "description"}, {"hash": "881704d8ff5bb3a6d771d887c87e3613", "key": "cvelist"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "57973d24ed8f7da813f3dfe4c59a9c72", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "a2bd92a4b5b334a8ad8d381dd31bd4c5", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "c5348a171fffd21461b13bf67d8b09fc", "key": "href"}, {"hash": "f8ad3b9aac539a85a2dbc87b80b1b780", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68132", "id": "ORACLELINUX_ELSA-2010-0819.NASL", "lastseen": "2018-07-21T08:13:15", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68132", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# Oracle Linux Security Advisory ELSA-2010-0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68132);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"Oracle Linux 5 : pam (ELSA-2010-0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "title": "Oracle Linux 5 : pam (ELSA-2010-0819)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-21T08:13:15"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:pam", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:pam-devel"], "cvelist": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "43afd0c804fd1ee6fa0cd19e8ee8d0303be2fd3aed3268dc6ea19381a3a1f901", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "324846fd6cf2905d50a87f6c0cb3eb56", "key": "references"}, {"hash": "460c04d8bb70a18eab6d2cdadd5f4147", "key": "cpe"}, {"hash": "a2e7bf4f5c22864c916efcca619a6008", "key": "description"}, {"hash": "881704d8ff5bb3a6d771d887c87e3613", "key": "cvelist"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "57973d24ed8f7da813f3dfe4c59a9c72", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a2bd92a4b5b334a8ad8d381dd31bd4c5", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "c5348a171fffd21461b13bf67d8b09fc", "key": "href"}, {"hash": "f8ad3b9aac539a85a2dbc87b80b1b780", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68132", "id": "ORACLELINUX_ELSA-2010-0819.NASL", "lastseen": "2018-08-30T19:46:55", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68132", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# Oracle Linux Security Advisory ELSA-2010-0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68132);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"Oracle Linux 5 : pam (ELSA-2010-0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "title": "Oracle Linux 5 : pam (ELSA-2010-0819)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:46:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:pam", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:pam-devel"], "cvelist": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "6b2e00c8f61a805756ef3e425fd91f30726e86a41b5c1f1b8249ceda76e0200a", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "324846fd6cf2905d50a87f6c0cb3eb56", "key": "references"}, {"hash": "460c04d8bb70a18eab6d2cdadd5f4147", "key": "cpe"}, {"hash": "a2e7bf4f5c22864c916efcca619a6008", "key": "description"}, {"hash": "881704d8ff5bb3a6d771d887c87e3613", "key": "cvelist"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "57973d24ed8f7da813f3dfe4c59a9c72", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "a2bd92a4b5b334a8ad8d381dd31bd4c5", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "c5348a171fffd21461b13bf67d8b09fc", "key": "href"}, {"hash": "f8ad3b9aac539a85a2dbc87b80b1b780", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68132", "id": "ORACLELINUX_ELSA-2010-0819.NASL", "lastseen": "2018-09-01T23:52:13", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68132", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# Oracle Linux Security Advisory ELSA-2010-0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68132);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"Oracle Linux 5 : pam (ELSA-2010-0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "title": "Oracle Linux 5 : pam (ELSA-2010-0819)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:52:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:pam", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:pam-devel"], "cvelist": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:16:39", "references": [{"idList": ["SECURITYVULNS:DOC:25092", "SECURITYVULNS:DOC:25898", "SECURITYVULNS:VULN:11240"], "type": "securityvulns"}, {"idList": ["GLSA-201206-31"], "type": "gentoo"}, {"idList": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "type": "cve"}, {"idList": ["OPENVAS:1361412562310862556", "OPENVAS:1361412562310122256", "OPENVAS:1361412562310862515", "OPENVAS:870355", "OPENVAS:831231", "OPENVAS:1361412562310122300", "OPENVAS:1361412562310862619", "OPENVAS:1361412562310831231", "OPENVAS:862556", "OPENVAS:1361412562310870355"], "type": "openvas"}, {"idList": ["USN-1140-2", "USN-1140-1"], "type": "ubuntu"}, {"idList": ["RHSA-2010:0891", "RHSA-2010:0819"], "type": "redhat"}, {"idList": ["CESA-2010:0819"], "type": "centos"}, {"idList": ["FEDORA_2010-17112.NASL", "SL_20101116_PAM_ON_SL6_X.NASL", "REDHAT-RHSA-2010-0891.NASL", "FEDORA_2010-17133.NASL", "MANDRIVA_MDVSA-2010-220.NASL", "ORACLELINUX_ELSA-2010-0891.NASL", "CENTOS_RHSA-2010-0819.NASL", "FEDORA_2010-17155.NASL", "SL_20101101_PAM_ON_SL5_X.NASL", "REDHAT-RHSA-2010-0819.NASL"], "type": "nessus"}, {"idList": ["ELSA-2010-0891", "ELSA-2010-0819"], "type": "oraclelinux"}, {"idList": ["VMSA-2011-0004"], "type": "vmware"}, {"idList": ["SUSE-SU-2011:1207-1", "SUSE-SU-2011:1209-1", "SUSE-SU-2011:1205-1", "OPENSUSE-SU-2011:1208-1", "SUSE-SU-2011:1218-1"], "type": "suse"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "d62f572b79e9b6c708d387b970982995540187132e971f9adbd4ade2f3b3cb9a", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "324846fd6cf2905d50a87f6c0cb3eb56", "key": "references"}, {"hash": "460c04d8bb70a18eab6d2cdadd5f4147", "key": "cpe"}, {"hash": "881704d8ff5bb3a6d771d887c87e3613", "key": "cvelist"}, {"hash": "4fb9fbc3f4398e1ec02c51ed68d35172", "key": "description"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "57973d24ed8f7da813f3dfe4c59a9c72", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "a2bd92a4b5b334a8ad8d381dd31bd4c5", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "c5348a171fffd21461b13bf67d8b09fc", "key": "href"}, {"hash": "f8ad3b9aac539a85a2dbc87b80b1b780", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68132", "id": "ORACLELINUX_ELSA-2010-0819.NASL", "lastseen": "2019-01-16T20:16:39", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68132", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# Oracle Linux Security Advisory ELSA-2010-0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68132);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"Oracle Linux 5 : pam (ELSA-2010-0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "title": "Oracle Linux 5 : pam (ELSA-2010-0819)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:16:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:pam", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:pam-devel"], "cvelist": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "2000208f749be4ef2c23d4ae34671d4b319eefff131423247c5c74901995544c", "hashmap": [{"hash": "ae1bc50e5b990553512e6fb5d727db2e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "324846fd6cf2905d50a87f6c0cb3eb56", "key": "references"}, {"hash": "460c04d8bb70a18eab6d2cdadd5f4147", "key": "cpe"}, {"hash": "a2e7bf4f5c22864c916efcca619a6008", "key": "description"}, {"hash": "881704d8ff5bb3a6d771d887c87e3613", "key": "cvelist"}, {"hash": "57973d24ed8f7da813f3dfe4c59a9c72", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "a2bd92a4b5b334a8ad8d381dd31bd4c5", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "c5348a171fffd21461b13bf67d8b09fc", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68132", "id": "ORACLELINUX_ELSA-2010-0819.NASL", "lastseen": "2017-10-29T13:40:06", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68132", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# Oracle Linux Security Advisory ELSA-2010-0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68132);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:49:14 $\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_osvdb_id(68992, 68993, 68994);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"Oracle Linux 5 : pam (ELSA-2010-0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "title": "Oracle Linux 5 : pam (ELSA-2010-0819)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:40:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3435", "CVE-2010-3853"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 1, "enchantments": {}, "hash": "80dc22757a647c7bf8735d9789565b7028326ba95e7638e4b5e952de69abc924", "hashmap": [{"hash": "ae1bc50e5b990553512e6fb5d727db2e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "324846fd6cf2905d50a87f6c0cb3eb56", "key": "references"}, {"hash": "a2e7bf4f5c22864c916efcca619a6008", "key": "description"}, {"hash": "881704d8ff5bb3a6d771d887c87e3613", "key": "cvelist"}, {"hash": "57973d24ed8f7da813f3dfe4c59a9c72", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "a2bd92a4b5b334a8ad8d381dd31bd4c5", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "c5348a171fffd21461b13bf67d8b09fc", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68132", "id": "ORACLELINUX_ELSA-2010-0819.NASL", "lastseen": "2016-09-26T17:25:11", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "68132", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# Oracle Linux Security Advisory ELSA-2010-0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68132);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:49:14 $\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_osvdb_id(68992, 68993, 68994);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"Oracle Linux 5 : pam (ELSA-2010-0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "title": "Oracle Linux 5 : pam (ELSA-2010-0819)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:11"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "460c04d8bb70a18eab6d2cdadd5f4147"}, {"key": "cvelist", "hash": "881704d8ff5bb3a6d771d887c87e3613"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "a2e7bf4f5c22864c916efcca619a6008"}, {"key": "href", "hash": "c5348a171fffd21461b13bf67d8b09fc"}, {"key": "modified", "hash": "2e3c438f66403fd816adabf5a1b82b29"}, {"key": "naslFamily", "hash": "e31ed89ab0cbb68ce2c40f17ec1e5483"}, {"key": "pluginID", "hash": "a2bd92a4b5b334a8ad8d381dd31bd4c5"}, {"key": "published", "hash": "0db193a0effe2d65dffecdb5e4d9c241"}, {"key": "references", "hash": "324846fd6cf2905d50a87f6c0cb3eb56"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "f8ad3b9aac539a85a2dbc87b80b1b780"}, {"key": "title", "hash": "57973d24ed8f7da813f3dfe4c59a9c72"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "6b2e00c8f61a805756ef3e425fd91f30726e86a41b5c1f1b8249ceda76e0200a", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2010-0819", "ELSA-2010-0891"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2010-0891.NASL", "CENTOS_RHSA-2010-0819.NASL", "REDHAT-RHSA-2010-0819.NASL", "ORACLELINUX_ELSA-2010-0891.NASL", "SL_20101116_PAM_ON_SL6_X.NASL", "FEDORA_2010-17112.NASL", "MANDRIVA_MDVSA-2010-220.NASL", "FEDORA_2010-17155.NASL", "SL_20101101_PAM_ON_SL5_X.NASL", "FEDORA_2010-17133.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122256", "OPENVAS:1361412562310122300", "OPENVAS:1361412562310870355", "OPENVAS:1361412562310831231", "OPENVAS:870355", "OPENVAS:1361412562310862619", "OPENVAS:1361412562310862515", "OPENVAS:1361412562310862556", "OPENVAS:862619", "OPENVAS:862515"]}, {"type": "cve", "idList": ["CVE-2010-4707", "CVE-2010-3435", "CVE-2010-3853", "CVE-2010-3316"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25092", "SECURITYVULNS:VULN:11240", "SECURITYVULNS:DOC:25898"]}, {"type": "redhat", "idList": ["RHSA-2010:0891", "RHSA-2010:0819"]}, {"type": "centos", "idList": ["CESA-2010:0819"]}, {"type": "ubuntu", "idList": ["USN-1140-2", "USN-1140-1"]}, {"type": "gentoo", "idList": ["GLSA-201206-31"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:1208-1", "SUSE-SU-2011:1207-1", "SUSE-SU-2011:1218-1", "SUSE-SU-2011:1209-1", "SUSE-SU-2011:1205-1"]}, {"type": "vmware", "idList": ["VMSA-2011-0004"]}], "modified": "2019-02-21T01:19:28"}, "score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# Oracle Linux Security Advisory ELSA-2010-0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68132);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"Oracle Linux 5 : pam (ELSA-2010-0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0819 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001719.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "68132", "cpe": ["p-cpe:/a:oracle:linux:pam", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:pam-devel"], "scheme": null}

{"nessus": [{"lastseen": "2019-02-21T01:14:08", "bulletinFamily": "scanner", "description": "Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2010-0819.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50804", "published": "2010-11-24T00:00:00", "title": "CentOS 5 : pam (CESA-2010:0819)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0819 and \n# CentOS Errata and Security Advisory 2010:0819 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50804);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"CentOS 5 : pam (CESA-2010:0819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017139.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8967763\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017140.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9b01bd5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:07", "bulletinFamily": "scanner", "description": "Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_env and pam_mail modules used root privileges while accessing user's files. A local, unprivileged user could use this flaw to obtain information, from the lines that have the KEY=VALUE format expected by pam_env, from an arbitrary file.\nAlso, in certain configurations, a local, unprivileged user using a service for which the pam_mail module was configured for, could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435)\n\nNote: As part of the fix for CVE-2010-3435, this update changes the default value of pam_env's configuration option user_readenv to 0, causing the module to not read user's ~/.pam_environment configuration file by default, as reading it may introduce unexpected changes to the environment of the service using PAM, or PAM modules consulted after pam_env.\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-11-28T00:00:00", "id": "REDHAT-RHSA-2010-0891.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50644", "published": "2010-11-18T00:00:00", "title": "RHEL 6 : pam (RHSA-2010:0891)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0891. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50644);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\", \"CVE-2010-4708\");\n script_bugtraq_id(42472, 43487, 44590);\n script_xref(name:\"RHSA\", value:\"2010:0891\");\n\n script_name(english:\"RHEL 6 : pam (RHSA-2010:0891)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_env and pam_mail modules used root\nprivileges while accessing user's files. A local, unprivileged user\ncould use this flaw to obtain information, from the lines that have\nthe KEY=VALUE format expected by pam_env, from an arbitrary file.\nAlso, in certain configurations, a local, unprivileged user using a\nservice for which the pam_mail module was configured for, could use\nthis flaw to obtain limited information about files or directories\nthat they do not have access to. (CVE-2010-3435)\n\nNote: As part of the fix for CVE-2010-3435, this update changes the\ndefault value of pam_env's configuration option user_readenv to 0,\ncausing the module to not read user's ~/.pam_environment configuration\nfile by default, as reading it may introduce unexpected changes to the\nenvironment of the service using PAM, or PAM modules consulted after\npam_env.\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0891\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam, pam-debuginfo and / or pam-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0891\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"pam-1.1.1-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"pam-debuginfo-1.1.1-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"pam-devel-1.1.1-4.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-debuginfo / pam-devel\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:28", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0891 :\n\nUpdated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_env and pam_mail modules used root privileges while accessing user's files. A local, unprivileged user could use this flaw to obtain information, from the lines that have the KEY=VALUE format expected by pam_env, from an arbitrary file.\nAlso, in certain configurations, a local, unprivileged user using a service for which the pam_mail module was configured for, could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435)\n\nNote: As part of the fix for CVE-2010-3435, this update changes the default value of pam_env's configuration option user_readenv to 0, causing the module to not read user's ~/.pam_environment configuration file by default, as reading it may introduce unexpected changes to the environment of the service using PAM, or PAM modules consulted after pam_env.\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2010-0891.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68144", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : pam (ELSA-2010-0891)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0891 and \n# Oracle Linux Security Advisory ELSA-2010-0891 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68144);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\", \"CVE-2010-4708\");\n script_bugtraq_id(42472, 43487, 44590);\n script_xref(name:\"RHSA\", value:\"2010:0891\");\n\n script_name(english:\"Oracle Linux 6 : pam (ELSA-2010-0891)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0891 :\n\nUpdated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_env and pam_mail modules used root\nprivileges while accessing user's files. A local, unprivileged user\ncould use this flaw to obtain information, from the lines that have\nthe KEY=VALUE format expected by pam_env, from an arbitrary file.\nAlso, in certain configurations, a local, unprivileged user using a\nservice for which the pam_mail module was configured for, could use\nthis flaw to obtain limited information about files or directories\nthat they do not have access to. (CVE-2010-3435)\n\nNote: As part of the fix for CVE-2010-3435, this update changes the\ndefault value of pam_env's configuration option user_readenv to 0,\ncausing the module to not read user's ~/.pam_environment configuration\nfile by default, as reading it may introduce unexpected changes to the\nenvironment of the service using PAM, or PAM modules consulted after\npam_env.\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001841.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"pam-1.1.1-4.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"pam-devel-1.1.1-4.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:03", "bulletinFamily": "scanner", "description": "Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-11-28T00:00:00", "id": "REDHAT-RHSA-2010-0819.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50447", "published": "2010-11-02T00:00:00", "title": "RHEL 5 : pam (RHSA-2010:0819)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0819. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50447);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_bugtraq_id(42472, 43487);\n script_xref(name:\"RHSA\", value:\"2010:0819\");\n\n script_name(english:\"RHEL 5 : pam (RHSA-2010:0819)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pam packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0819\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam and / or pam-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0819\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:04", "bulletinFamily": "scanner", "description": "This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2010-17112.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50486", "published": "2010-11-05T00:00:00", "title": "Fedora 13 : pam-1.1.1-6.fc13 (2010-17112)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17112.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50486);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:13:53 $\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_bugtraq_id(42472, 43487, 44590);\n script_xref(name:\"FEDORA\", value:\"2010-17112\");\n\n script_name(english:\"Fedora 13 : pam-1.1.1-6.fc13 (2010-17112)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes moderate vulnerabilities in pam_env, pam_namespace,\npam_mail, and pam_xauth modules. Default configurations (or\nconfigurations generated by authconfig) are not affected by the\npam_mail and pam_namespace vulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=637898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=641335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=643043\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050260.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b20f03ab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"pam-1.1.1-6.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:16", "bulletinFamily": "scanner", "description": "It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)", "modified": "2019-01-02T00:00:00", "id": "SL_20101101_PAM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60882", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : pam on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60882);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n\n script_name(english:\"Scientific Linux Security Update : pam on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local,\nunprivileged user could use this flaw to obtain limited information\nabout files or directories that they do not have access to.\n(CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1011&L=scientific-linux-errata&T=0&P=79\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6fb638b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam and / or pam-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"pam-0.99.6.2-6.el5_5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pam-devel-0.99.6.2-6.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:04", "bulletinFamily": "scanner", "description": "This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2010-17155.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50508", "published": "2010-11-08T00:00:00", "title": "Fedora 14 : pam-1.1.1-6.fc14 (2010-17155)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17155.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50508);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:13:53 $\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_bugtraq_id(42472, 43487, 44590);\n script_xref(name:\"FEDORA\", value:\"2010-17155\");\n\n script_name(english:\"Fedora 14 : pam-1.1.1-6.fc14 (2010-17155)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes moderate vulnerabilities in pam_env, pam_namespace,\npam_mail, and pam_xauth modules. Default configurations (or\nconfigurations generated by authconfig) are not affected by the\npam_mail and pam_namespace vulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=637898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=641335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=643043\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050475.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd3a90f5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"pam-1.1.1-6.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:06", "bulletinFamily": "scanner", "description": "This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2010-17133.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50626", "published": "2010-11-18T00:00:00", "title": "Fedora 12 : pam-1.1.1-6.fc12 (2010-17133)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17133.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50626);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:13:53 $\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_xref(name:\"FEDORA\", value:\"2010-17133\");\n\n script_name(english:\"Fedora 12 : pam-1.1.1-6.fc12 (2010-17133)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes moderate vulnerabilities in pam_env, pam_namespace,\npam_mail, and pam_xauth modules. Default configurations (or\nconfigurations generated by authconfig) are not affected by the\npam_mail and pam_namespace vulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=637898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=641335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=643043\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050991.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c670c2f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"pam-1.1.1-6.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:04", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered and corrected in pam :\n\nThe pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file (CVE-2010-3316).\n\nThe pam_mail module used root privileges while accessing users' files.\nIn certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to (CVE-2010-3435).\n\nThe pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges (CVE-2010-3853).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2010-220.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50472", "published": "2010-11-04T00:00:00", "title": "Mandriva Linux Security Advisory : pam (MDVSA-2010:220)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:220. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50472);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_bugtraq_id(42472, 43487, 44590);\n script_xref(name:\"MDVSA\", value:\"2010:220\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pam (MDVSA-2010:220)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and corrected in pam :\n\nThe pam_xauth module did not verify the return values of the setuid()\nand setgid() system calls. A local, unprivileged user could use this\nflaw to execute the xauth command with root privileges and make it\nread an arbitrary input file (CVE-2010-3316).\n\nThe pam_mail module used root privileges while accessing users' files.\nIn certain configurations, a local, unprivileged user could use this\nflaw to obtain limited information about files or directories that\nthey do not have access to (CVE-2010-3435).\n\nThe pam_namespace module executed the external script namespace.init\nwith an unchanged environment inherited from an application calling\nPAM. In cases where such an environment was untrusted (for example,\nwhen pam_namespace was configured for setuid applications such as su\nor sudo), a local, unprivileged user could possibly use this flaw to\nescalate their privileges (CVE-2010-3853).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pam0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpam0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pam-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pam-devel-0.99.8.1-16.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pam0-0.99.8.1-16.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpam-devel-0.99.8.1-16.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpam0-0.99.8.1-16.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pam-0.99.8.1-16.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pam-doc-0.99.8.1-16.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64pam-devel-0.99.8.1-20.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64pam0-0.99.8.1-20.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpam-devel-0.99.8.1-20.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpam0-0.99.8.1-20.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pam-0.99.8.1-20.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pam-doc-0.99.8.1-20.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64pam-devel-1.1.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64pam0-1.1.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpam-devel-1.1.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpam0-1.1.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pam-1.1.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pam-doc-1.1.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64pam-devel-1.1.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64pam0-1.1.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpam-devel-1.1.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpam0-1.1.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pam-1.1.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pam-doc-1.1.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:17", "bulletinFamily": "scanner", "description": "It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_env and pam_mail modules used root privileges while accessing user's files. A local, unprivileged user could use this flaw to obtain information, from the lines that have the KEY=VALUE format expected by pam_env, from an arbitrary file.\nAlso, in certain configurations, a local, unprivileged user using a service for which the pam_mail module was configured for, could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435)\n\nNote: As part of the fix for CVE-2010-3435, this update changes the default value of pam_env's configuration option user_readenv to 0, causing the module to not read user's ~/.pam_environment configuration file by default, as reading it may introduce unexpected changes to the environment of the service using PAM, or PAM modules consulted after pam_env.\n\nIt was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)", "modified": "2019-01-02T00:00:00", "id": "SL_20101116_PAM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60901", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : pam on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60901);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n\n script_name(english:\"Scientific Linux Security Update : pam on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was\nuntrusted (for example, when pam_namespace was configured for setuid\napplications such as su or sudo), a local, unprivileged user could\npossibly use this flaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_env and pam_mail modules used root\nprivileges while accessing user's files. A local, unprivileged user\ncould use this flaw to obtain information, from the lines that have\nthe KEY=VALUE format expected by pam_env, from an arbitrary file.\nAlso, in certain configurations, a local, unprivileged user using a\nservice for which the pam_mail module was configured for, could use\nthis flaw to obtain limited information about files or directories\nthat they do not have access to. (CVE-2010-3435)\n\nNote: As part of the fix for CVE-2010-3435, this update changes the\ndefault value of pam_env's configuration option user_readenv to 0,\ncausing the module to not read user's ~/.pam_environment configuration\nfile by default, as reading it may introduce unexpected changes to the\nenvironment of the service using PAM, or PAM modules consulted after\npam_env.\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local,\nunprivileged user could use this flaw to execute the xauth command\nwith root privileges and make it read an arbitrary input file.\n(CVE-2010-3316)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=3075\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?154c26b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam and / or pam-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"pam-1.1.1-4.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pam-devel-1.1.1-4.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-28T18:24:25", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0819", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122300", "title": "Oracle Linux Local Check: ELSA-2010-0819", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0819.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122300\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0819\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0819 - pam security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0819\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0819.html\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~0.99.6.2~6.el5_5.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~0.99.6.2~6.el5_5.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:22", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0891", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122256", "title": "Oracle Linux Local Check: ELSA-2010-0891", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0891.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122256\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0891\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0891 - pam security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0891\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0891.html\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-4707\", \"CVE-2010-4708\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~4.el6_0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~1.1.1~4.el6_0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:51", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2018-01-17T00:00:00", "published": "2010-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862556", "id": "OPENVAS:1361412562310862556", "title": "Fedora Update for pam FEDORA-2010-17133", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pam FEDORA-2010-17133\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pam on Fedora 12\";\ntag_insight = \"PAM (Pluggable Authentication Modules) is a system security tool that\n allows system administrators to set authentication policy without\n having to recompile programs that handle authentication.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050991.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862556\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17133\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"Fedora Update for pam FEDORA-2010-17133\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~6.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:24", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2018-01-01T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862515", "id": "OPENVAS:1361412562310862515", "title": "Fedora Update for pam FEDORA-2010-17112", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pam FEDORA-2010-17112\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pam on Fedora 13\";\ntag_insight = \"PAM (Pluggable Authentication Modules) is a system security tool that\n allows system administrators to set authentication policy without\n having to recompile programs that handle authentication.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050260.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862515\");\n script_version(\"$Revision: 8266 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 08:28:32 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17112\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"Fedora Update for pam FEDORA-2010-17112\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~6.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:57:55", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2017-12-15T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862515", "id": "OPENVAS:862515", "title": "Fedora Update for pam FEDORA-2010-17112", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pam FEDORA-2010-17112\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pam on Fedora 13\";\ntag_insight = \"PAM (Pluggable Authentication Modules) is a system security tool that\n allows system administrators to set authentication policy without\n having to recompile programs that handle authentication.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050260.html\");\n script_id(862515);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17112\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"Fedora Update for pam FEDORA-2010-17112\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~6.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:48", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2017-12-21T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870355", "id": "OPENVAS:870355", "title": "RedHat Update for pam RHSA-2010:0819-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pam RHSA-2010:0819-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pluggable Authentication Modules (PAM) provide a system whereby\n administrators can set up authentication policies without having to\n recompile programs that handle authentication.\n\n It was discovered that the pam_namespace module executed the external\n script namespace.init with an unchanged environment inherited from an\n application calling PAM. In cases where such an environment was untrusted\n (for example, when pam_namespace was configured for setuid applications\n such as su or sudo), a local, unprivileged user could possibly use this\n flaw to escalate their privileges. (CVE-2010-3853)\n \n It was discovered that the pam_mail module used root privileges while\n accessing users' files. In certain configurations, a local, unprivileged\n user could use this flaw to obtain limited information about files or\n directories that they do not have access to. (CVE-2010-3435)\n \n It was discovered that the pam_xauth module did not verify the return\n values of the setuid() and setgid() system calls. A local, unprivileged\n user could use this flaw to execute the xauth command with root privileges\n and make it read an arbitrary input file. (CVE-2010-3316)\n \n Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\n reporting the CVE-2010-3435 issue.\n \n All pam users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"pam on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-November/msg00001.html\");\n script_id(870355);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0819-01\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"RedHat Update for pam RHSA-2010:0819-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~0.99.6.2~6.el5_5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-debuginfo\", rpm:\"pam-debuginfo~0.99.6.2~6.el5_5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~0.99.6.2~6.el5_5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:17", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2017-12-21T00:00:00", "published": "2010-12-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862619", "id": "OPENVAS:1361412562310862619", "title": "Fedora Update for pam FEDORA-2010-17155", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pam FEDORA-2010-17155\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pam on Fedora 14\";\ntag_insight = \"PAM (Pluggable Authentication Modules) is a system security tool that\n allows system administrators to set authentication policy without\n having to recompile programs that handle authentication.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050475.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862619\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17155\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"Fedora Update for pam FEDORA-2010-17155\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~6.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:46", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2017-12-20T00:00:00", "published": "2010-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862556", "id": "OPENVAS:862556", "title": "Fedora Update for pam FEDORA-2010-17133", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pam FEDORA-2010-17133\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pam on Fedora 12\";\ntag_insight = \"PAM (Pluggable Authentication Modules) is a system security tool that\n allows system administrators to set authentication policy without\n having to recompile programs that handle authentication.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050991.html\");\n script_id(862556);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17133\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"Fedora Update for pam FEDORA-2010-17133\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~6.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:33", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2017-12-13T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831231", "id": "OPENVAS:831231", "title": "Mandriva Update for pam MDVSA-2010:220 (pam)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pam MDVSA-2010:220 (pam)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in pam:\n\n The pam_xauth module did not verify the return values of the setuid()\n and setgid() system calls. A local, unprivileged user could use this\n flaw to execute the xauth command with root privileges and make it\n read an arbitrary input file (CVE-2010-3316).\n \n The pam_mail module used root privileges while accessing users'\n files. In certain configurations, a local, unprivileged user could\n use this flaw to obtain limited information about files or directories\n that they do not have access to (CVE-2010-3435).\n \n The pam_namespace module executed the external script namespace.init\n with an unchanged environment inherited from an application calling\n PAM. In cases where such an environment was untrusted (for example,\n when pam_namespace was configured for setuid applications such as su\n or sudo), a local, unprivileged user could possibly use this flaw to\n escalate their privileges (CVE-2010-3853).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pam on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00002.php\");\n script_id(831231);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:220\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"Mandriva Update for pam MDVSA-2010:220 (pam)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpam0\", rpm:\"libpam0~0.99.8.1~16.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpam-devel\", rpm:\"libpam-devel~0.99.8.1~16.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~0.99.8.1~16.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-doc\", rpm:\"pam-doc~0.99.8.1~16.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam0\", rpm:\"lib64pam0~0.99.8.1~16.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam-devel\", rpm:\"lib64pam-devel~0.99.8.1~16.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpam0\", rpm:\"libpam0~1.1.1~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpam-devel\", rpm:\"libpam-devel~1.1.1~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-doc\", rpm:\"pam-doc~1.1.1~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam0\", rpm:\"lib64pam0~1.1.1~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam-devel\", rpm:\"lib64pam-devel~1.1.1~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpam0\", rpm:\"libpam0~1.1.0~6.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpam-devel\", rpm:\"libpam-devel~1.1.0~6.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.0~6.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-doc\", rpm:\"pam-doc~1.1.0~6.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam0\", rpm:\"lib64pam0~1.1.0~6.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam-devel\", rpm:\"lib64pam-devel~1.1.0~6.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpam0\", rpm:\"libpam0~0.99.8.1~20.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpam-devel\", rpm:\"libpam-devel~0.99.8.1~20.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~0.99.8.1~20.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-doc\", rpm:\"pam-doc~0.99.8.1~20.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam0\", rpm:\"lib64pam0~0.99.8.1~20.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam-devel\", rpm:\"lib64pam-devel~0.99.8.1~20.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpam0\", rpm:\"libpam0~0.99.8.1~16.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpam-devel\", rpm:\"libpam-devel~0.99.8.1~16.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~0.99.8.1~16.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-doc\", rpm:\"pam-doc~0.99.8.1~16.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam0\", rpm:\"lib64pam0~0.99.8.1~16.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pam-devel\", rpm:\"lib64pam-devel~0.99.8.1~16.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:04:51", "bulletinFamily": "scanner", "description": "Check for the Version of pam", "modified": "2018-01-19T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870355", "id": "OPENVAS:1361412562310870355", "type": "openvas", "title": "RedHat Update for pam RHSA-2010:0819-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pam RHSA-2010:0819-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pluggable Authentication Modules (PAM) provide a system whereby\n administrators can set up authentication policies without having to\n recompile programs that handle authentication.\n\n It was discovered that the pam_namespace module executed the external\n script namespace.init with an unchanged environment inherited from an\n application calling PAM. In cases where such an environment was untrusted\n (for example, when pam_namespace was configured for setuid applications\n such as su or sudo), a local, unprivileged user could possibly use this\n flaw to escalate their privileges. (CVE-2010-3853)\n \n It was discovered that the pam_mail module used root privileges while\n accessing users' files. In certain configurations, a local, unprivileged\n user could use this flaw to obtain limited information about files or\n directories that they do not have access to. (CVE-2010-3435)\n \n It was discovered that the pam_xauth module did not verify the return\n values of the setuid() and setgid() system calls. A local, unprivileged\n user could use this flaw to execute the xauth command with root privileges\n and make it read an arbitrary input file. (CVE-2010-3316)\n \n Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\n reporting the CVE-2010-3435 issue.\n \n All pam users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"pam on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-November/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870355\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0819-01\");\n script_cve_id(\"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\");\n script_name(\"RedHat Update for pam RHSA-2010:0819-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~0.99.6.2~6.el5_5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-debuginfo\", rpm:\"pam-debuginfo~0.99.6.2~6.el5_5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~0.99.6.2~6.el5_5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:18", "bulletinFamily": "unix", "description": "[1.1.1-4.1]\n- fix insecure dropping of priviledges in pam_xauth, pam_env,\n and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335)\n- fix insecure executing of scripts with user supplied environment\n variables in pam_namespace - CVE-2010-3853 (#643043)", "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2010-0891", "href": "http://linux.oracle.com/errata/ELSA-2010-0891.html", "title": "pam security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:15", "bulletinFamily": "unix", "description": "[0.99.6.2-6.2]\n- fix insecure dropping of priviledges in pam_xauth\n and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335)\n- fix insecure executing of scripts with user supplied environment\n variables in pam_namespace - CVE-2010-3853 (#643043) ", "modified": "2010-11-01T00:00:00", "published": "2010-11-01T00:00:00", "id": "ELSA-2010-0819", "href": "http://linux.oracle.com/errata/ELSA-2010-0819.html", "title": "pam security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-01-04T12:31:23", "bulletinFamily": "NVD", "description": "The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.", "modified": "2019-01-03T10:01:45", "published": "2011-01-24T14:00:01", "id": "CVE-2010-4707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4707", "title": "CVE-2010-4707", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-04T12:31:22", "bulletinFamily": "NVD", "description": "pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.", "modified": "2019-01-03T10:01:45", "published": "2011-01-24T13:00:02", "id": "CVE-2010-3853", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3853", "title": "CVE-2010-3853", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-04T12:31:22", "bulletinFamily": "NVD", "description": "The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.", "modified": "2019-01-03T10:01:45", "published": "2011-01-24T13:00:02", "id": "CVE-2010-3435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3435", "title": "CVE-2010-3435", "type": "cve", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-04T12:31:22", "bulletinFamily": "NVD", "description": "The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.", "modified": "2019-01-03T10:01:45", "published": "2011-01-24T13:00:01", "id": "CVE-2010-3316", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3316", "title": "CVE-2010-3316", "type": "cve", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:220\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pam\r\n Date : November 4, 2010\r\n Affected: 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities were discovered and corrected in pam:\r\n \r\n The pam_xauth module did not verify the return values of the setuid&#40;&#41;\r\n and setgid&#40;&#41; system calls. A local, unprivileged user could use this\r\n flaw to execute the xauth command with root privileges and make it\r\n read an arbitrary input file &#40;CVE-2010-3316&#41;.\r\n \r\n The pam_mail module used root privileges while accessing users&#39;\r\n files. In certain configurations, a local, unprivileged user could\r\n use this flaw to obtain limited information about files or directories\r\n that they do not have access to &#40;CVE-2010-3435&#41;.\r\n \r\n The pam_namespace module executed the external script namespace.init\r\n with an unchanged environment inherited from an application calling\r\n PAM. In cases where such an environment was untrusted &#40;for example,\r\n when pam_namespace was configured for setuid applications such as su\r\n or sudo&#41;, a local, unprivileged user could possibly use this flaw to\r\n escalate their privileges &#40;CVE-2010-3853&#41;.\r\n \r\n Packages for 2009.0 are provided as of the Extended Maintenance\r\n Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n 69786ba211f064d06465cc7b1495c2d3 2009.0/i586/libpam0-0.99.8.1-16.2mdv2009.0.i586.rpm\r\n ad480c4220b456a3ea1c700e4aed85e4 2009.0/i586/libpam-devel-0.99.8.1-16.2mdv2009.0.i586.rpm\r\n 53657e6972a7c54172beda78dec01747 2009.0/i586/pam-0.99.8.1-16.2mdv2009.0.i586.rpm\r\n badae4a2575ce217567a57caba4671e0 2009.0/i586/pam-doc-0.99.8.1-16.2mdv2009.0.i586.rpm \r\n 369f8fbf430e4e20ec2a049f2d5a8339 2009.0/SRPMS/pam-0.99.8.1-16.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 35e03d6ab52fc14704180ff225ae0408 2009.0/x86_64/lib64pam0-0.99.8.1-16.2mdv2009.0.x86_64.rpm\r\n a93abeab91371f20c1a190e6511ec499 2009.0/x86_64/lib64pam-devel-0.99.8.1-16.2mdv2009.0.x86_64.rpm\r\n ef401ab8d6ca3fece20765f21e8a4b81 2009.0/x86_64/pam-0.99.8.1-16.2mdv2009.0.x86_64.rpm\r\n 3d3f1d915d7e2b43a66c9417fedcd945 2009.0/x86_64/pam-doc-0.99.8.1-16.2mdv2009.0.x86_64.rpm \r\n 369f8fbf430e4e20ec2a049f2d5a8339 2009.0/SRPMS/pam-0.99.8.1-16.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n c0c392fab146812a023e7633fe1ceeb7 2009.1/i586/libpam0-0.99.8.1-20.1mdv2009.1.i586.rpm\r\n 947d0b3b9b90a05ce3a9977c1436c57e 2009.1/i586/libpam-devel-0.99.8.1-20.1mdv2009.1.i586.rpm\r\n 4f99d7e29757bf81cc5cb60b5e01df48 2009.1/i586/pam-0.99.8.1-20.1mdv2009.1.i586.rpm\r\n ca875c8c456de2772265f922187ca4b4 2009.1/i586/pam-doc-0.99.8.1-20.1mdv2009.1.i586.rpm \r\n 31264e4b3f73ed96678d159af6d2e07b 2009.1/SRPMS/pam-0.99.8.1-20.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 1b31bd9af45b6355e153086bf16215de 2009.1/x86_64/lib64pam0-0.99.8.1-20.1mdv2009.1.x86_64.rpm\r\n 49b0cd7f2ebfcf3f051f1cfa1127bbe5 2009.1/x86_64/lib64pam-devel-0.99.8.1-20.1mdv2009.1.x86_64.rpm\r\n 95090c3f50e47129f973f86a85b827f2 2009.1/x86_64/pam-0.99.8.1-20.1mdv2009.1.x86_64.rpm\r\n 845484d6506e2ea62651932558822f63 2009.1/x86_64/pam-doc-0.99.8.1-20.1mdv2009.1.x86_64.rpm \r\n 31264e4b3f73ed96678d159af6d2e07b 2009.1/SRPMS/pam-0.99.8.1-20.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 6dd5a17484b94f93ba8a8cdc8a6994de 2010.0/i586/libpam0-1.1.0-6.1mdv2010.0.i586.rpm\r\n 7649cc7d3dd4f756cec888c18a279f94 2010.0/i586/libpam-devel-1.1.0-6.1mdv2010.0.i586.rpm\r\n fb09c1526f0e43022aa09a53bda865a4 2010.0/i586/pam-1.1.0-6.1mdv2010.0.i586.rpm\r\n 52cb306b585052044bc896d8a092d6da 2010.0/i586/pam-doc-1.1.0-6.1mdv2010.0.i586.rpm \r\n 796383329dba07f3fa05e998e166cdfd 2010.0/SRPMS/pam-1.1.0-6.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n cbc1a63c68a6e7928f165cb72b419c81 2010.0/x86_64/lib64pam0-1.1.0-6.1mdv2010.0.x86_64.rpm\r\n f4649e861830739a84c6e034c5a02d92 2010.0/x86_64/lib64pam-devel-1.1.0-6.1mdv2010.0.x86_64.rpm\r\n 87fadece1f26a3a8fa81e13662f73835 2010.0/x86_64/pam-1.1.0-6.1mdv2010.0.x86_64.rpm\r\n 0486af7fd18e4cff4e2d1a0c454fdb7f 2010.0/x86_64/pam-doc-1.1.0-6.1mdv2010.0.x86_64.rpm \r\n 796383329dba07f3fa05e998e166cdfd 2010.0/SRPMS/pam-1.1.0-6.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n c2473140f61385cecdc8ef9ac88dc2e9 2010.1/i586/libpam0-1.1.1-2.1mdv2010.1.i586.rpm\r\n 7eec14ba49ec3297e7cfadadc67c3c9f 2010.1/i586/libpam-devel-1.1.1-2.1mdv2010.1.i586.rpm\r\n 912c5cda86fba68e867bef8db80d541c 2010.1/i586/pam-1.1.1-2.1mdv2010.1.i586.rpm\r\n e64a7bbb0dd34cc24bcbab56135f80a5 2010.1/i586/pam-doc-1.1.1-2.1mdv2010.1.i586.rpm \r\n c70e6904e0b740e408ee6bef1d932244 2010.1/SRPMS/pam-1.1.1-2.1mdv2010.1.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n c736e5498b71924f834104c6a2a1be46 2010.1/x86_64/lib64pam0-1.1.1-2.1mdv2010.1.x86_64.rpm\r\n 6cfabb68e6305e5d5491a4cad6c5fff3 2010.1/x86_64/lib64pam-devel-1.1.1-2.1mdv2010.1.x86_64.rpm\r\n 0724a47819b4409b3a819aae12588fe0 2010.1/x86_64/pam-1.1.1-2.1mdv2010.1.x86_64.rpm\r\n 247cd2094ce66f3e28e78927ed5d187e 2010.1/x86_64/pam-doc-1.1.1-2.1mdv2010.1.x86_64.rpm \r\n c70e6904e0b740e408ee6bef1d932244 2010.1/SRPMS/pam-1.1.1-2.1mdv2010.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 1d08c70aaa1fdfabf369d3e9b7a89e65 mes5/i586/libpam0-0.99.8.1-16.2mdvmes5.1.i586.rpm\r\n fd1f3904da9590669e00c5691759f91c mes5/i586/libpam-devel-0.99.8.1-16.2mdvmes5.1.i586.rpm\r\n f56f1a78e2e00f770edef9694b91b9e2 mes5/i586/pam-0.99.8.1-16.2mdvmes5.1.i586.rpm\r\n e8693a4476626d18db11316bb7fd9c83 mes5/i586/pam-doc-0.99.8.1-16.2mdvmes5.1.i586.rpm \r\n 3d07636e6b1208d0fbca2c0ab7d6093c mes5/SRPMS/pam-0.99.8.1-16.2mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 5eefd3d906380879ad076d7da77dd29e mes5/x86_64/lib64pam0-0.99.8.1-16.2mdvmes5.1.x86_64.rpm\r\n c6f5637f2e7c286138aa97c93aede29e mes5/x86_64/lib64pam-devel-0.99.8.1-16.2mdvmes5.1.x86_64.rpm\r\n 83f190e1bb31f79cfd4abe7abd2373aa mes5/x86_64/pam-0.99.8.1-16.2mdvmes5.1.x86_64.rpm\r\n 7223e7bda42555384e72cb5cdb51c795 mes5/x86_64/pam-doc-0.99.8.1-16.2mdvmes5.1.x86_64.rpm \r\n 3d07636e6b1208d0fbca2c0ab7d6093c mes5/SRPMS/pam-0.99.8.1-16.2mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFM0ncTmqjQ0CJFipgRAqNFAJ4yPDjEu3NR/hfuktfIRjaDG/g4UACcCsem\r\ncCMZd7MopuesEKLGj+k6B8A=\r\n=bth2\r\n-----END PGP SIGNATURE-----", "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:DOC:25092", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25092", "title": "[ MDVSA-2010:220 ] pam", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "description": "Different vulnerabilities in pam_xauth, pam_mail, pam_namespace modules.", "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:VULN:11240", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11240", "title": "PAM authentuication modules multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2011-0004\r\nSynopsis: VMware ESX/ESXi SLPD denial of service vulnerability\r\n and ESX third party updates for Service Console\r\n packages bind, pam, and rpm.\r\nIssue date: 2011-03-07\r\nUpdated on: 2011-03-07 &#40;initial release of advisory&#41;\r\nCVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762\r\n CVE-2010-3316 CVE-2010-3435 CVE-2010-3853\r\n CVE-2010-2059 CVE-2010-3609\r\n- ------------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n Service Location Protocol daemon &#40;SLPD&#41; denial of service issue and\r\n ESX 4.0 Service Console OS &#40;COS&#41; updates for bind, pam, and rpm.\r\n\r\n2. Relevant releases\r\n\r\n VMware ESXi 4.1 without patch ESXi410-201101201-SG.\r\n\r\n VMware ESXi 4.0 without patch ESXi400-201103401-SG.\r\n\r\n VMware ESX 4.1 without patch ESX410-201101201-SG.\r\n\r\n VMware ESX 4.0 without patches ESX400-201103401-SG,\r\n ESX400-201103404-SG, ESX400-201103406-SG, ESX400-201103407-SG.\r\n\r\n3. Problem Description\r\n\r\n a. Service Location Protocol daemon DoS\r\n\r\n This patch fixes a denial-of-service vulnerability in\r\n the Service Location Protocol daemon &#40;SLPD&#41;. Exploitation of this\r\n vulnerability could cause SLPD to consume significant CPU\r\n resources.\r\n\r\n VMware would like to thank Nicolas Gregoire and US CERT for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures Project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2010-3609 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n\r\n ESXi 4.1 ESXi ESXi410-201101201-SG\r\n ESXi 4.0 ESXi ESXi400-201103401-SG\r\n ESXi 3.5 ESXi not applicable\r\n\r\n ESX 4.1 ESX ESX410-201101201-SG\r\n ESX 4.0 ESX ESX400-201103401-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n b. Service Console update for bind\r\n\r\n This patch updates the bind-libs and bind-utils RPMs to version\r\n 9.3.6-4.P1.el5_5.3, which resolves multiple security issues.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the names CVE-2010-3613, CVE-2010-3614, and\r\n CVE-2010-3762 to these issues.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available. \r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n\r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX affected, patch pending\r\n ESX 4.0 ESX ESX400-201103407-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n c. Service Console update for pam\r\n\r\n This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw,\r\n which resolves multiple security issues with PAM modules.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the names CVE-2010-3316, CVE-2010-3435, and\r\n CVE-2010-3853 to these issues.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n \r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX affected, patch pending\r\n ESX 4.0 ESX ESX400-201103404-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n d. Service Console update for rpm, rpm-libs, rpm-python, and popt\r\n\r\n This patch updates rpm, rpm-libs, and rpm-python RPMs to\r\n 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1,\r\n which resolves a security issue.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2010-2059 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n\r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX affected, patch pending\r\n ESX 4.0 ESX ESX400-201103406-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n \r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and version\r\n and verify the checksum of your downloaded file.\r\n\r\n ESXi 4.1 Installable Update 1\r\n -----------------------------\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_\r\n0\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.ht\r\nml\r\n http://kb.vmware.com/kb/1027919\r\n\r\n File type: .iso\r\n MD5SUM: d68d6c2e040a87cd04cd18c04c22c998\r\n SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64\r\n\r\n ESXi 4.1 Update 1 &#40;upgrade ZIP from ESXi 4.1&#41;\r\n File type: .zip\r\n MD5SUM: 2f1e009c046b20042fae3b7ca42a840f\r\n SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1\r\n\r\n ESXi 4.1 Update 1 &#40;upgrade ZIP from ESXi 4.0&#41;\r\n File type: .zip\r\n MD5SUM: 67b924618d196dafaf268a7691bd1a0f\r\n SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 \r\n\r\n ESXi 4.1 Update 1 &#40;upgrade ZIP from ESXi 3.5&#41;\r\n File type: .zip\r\n MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4\r\n SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 \r\n\r\n VMware Tools CD image for Linux Guest OSes\r\n File type: .iso\r\n MD5SUM: dad66fa8ece1dd121c302f45444daa70\r\n SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af \r\n\r\n VMware vSphere Client\r\n File type: .exe\r\n MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e\r\n SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\r\n\r\n ESXi Installable Update 1 contains the following security bulletins:\r\n ESXi410-201101201-SG.\r\n\r\n ESX 4.1 Update 1\r\n ----------------\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_\r\n0\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.htm\r\nl\r\n http://kb.vmware.com/kb/1029353\r\n\r\n ESX 4.1 Update 1 &#40;DVD ISO&#41;\r\n File type: .iso\r\n md5sum: b9a275b419a20c7bedf31c0bf64f504e\r\n sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 \r\n\r\n ESX 4.1 Update 1 &#40;upgrade ZIP from ESX 4.1&#41;\r\n File type: .zip\r\n md5sum: 2d81a87e994aa2b329036f11d90b4c14\r\n sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 \r\n\r\n Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1\r\n File type: .zip\r\n md5sum: 75f8cebfd55d8a81deb57c27def963c2\r\n sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 \r\n\r\n ESX 4.1 Update 1 &#40;upgrade ZIP from ESX 4.0&#41;\r\n File type: .zip\r\n md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2\r\n sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 \r\n\r\n VMware Tools CD image for Linux Guest OSes\r\n File type: .iso\r\n md5sum: dad66fa8ece1dd121c302f45444daa70\r\n sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af \r\n\r\n VMware vSphere Client\r\n File type: .exe\r\n md5sum: cb6aa91ada1289575355d79e8c2a9f8e\r\n sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\r\n\r\n ESX410-Update01 contains the following security bulletins:\r\n ESX410-201101201-SG &#40;COS kernel, pam_krb5, cURL, OpenSSL,\r\n Apache Tomcat, Oracle &#40;Sun&#41; JRE&#41; | http://kb.vmware.com/kb/1027904\r\n ESX410-201101226-SG &#40;glibc&#41; | http://kb.vmware.com/kb/1031330\r\n\r\n ESX410-Update01 also contains the following non-security bulletins\r\n ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,\r\n ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,\r\n ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,\r\n ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,\r\n ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,\r\n ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.\r\n\r\n To install an individual bulletin use esxupdate with the -b option.\r\n\r\n ESXi 4.0\r\n --------\r\n ESXi400-201103001\r\n \r\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677\r\n367/ESXi400-201103001.zip\r\n md5sum: a68ef31414573460cdadef4d81fb95d0\r\n sha1sum: 7155e60962b21b5c295a2e9412ac4a445382db31\r\n http://kb.vmware.com/kb/1032823\r\n\r\n ESXi400-201103001 containes the following security bulletins:\r\n ESXi400-201103401-SG &#40;openssl&#41; | http://kb.vmware.com/kb/1032820\r\n ESXi400-201103402-SG | http://kb.vmware.com/kb/1032821\r\n \r\n ESX 4.0\r\n -------\r\n ESX400-201103001\r\n \r\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574\r\n144/ESX400-201103001.zip\r\n md5sum: 5b9a0cfe6c0ff1467c09c8d115910ff8\r\n sha1sum: 8bfb5df8066a01704eaa24e4d8a34f371816904b\r\n http://kb.vmware.com/kb/1032822\r\n\r\n ESX400-201103001 containes the following security bulletins:\r\n ESX400-201103401-SG &#40;SLPD, openssl, COS kernel&#41; \r\n | http://kb.vmware.com/kb/1032814\r\n ESX400-201103403-SG &#40;JRE, Tomcat&#41; | http://kb.vmware.com/kb/1032815\r\n ESX400-201103404-SG &#40;pam&#41; | http://kb.vmware.com/kb/1032816\r\n ESX400-201103405-SG &#40;bzip2&#41; | http://kb.vmware.com/kb/1032817\r\n ESX400-201103406-SG &#40;popt/rpm&#41; | http://kb.vmware.com/kb/1032818\r\n ESX400-201103407-SG &#40;bind&#41; | http://kb.vmware.com/kb/1032819\r\n5. References\r\n\r\n CVE numbers\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609\r\n\r\n- ------------------------------------------------------------------------\r\n6. Change log\r\n\r\n2011-03-07 VMSA-2011-0004\r\nInitial security advisory in conjunction with the release of VMware\r\nESX/ESXi 4.0 patches on 2011-03-07\r\n\r\n- -----------------------------------------------------------------------\r\n7. Contact\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\nE-mail: security at vmware.com\r\nPGP key at: http://kb.vmware.com/kb/1055\r\n\r\nVMware Security Advisories\r\nhttp://www.vmware.com/security/advisories\r\n\r\nVMware security response policy\r\nhttp://www.vmware.com/support/policies/security_response.html\r\n\r\nGeneral support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2011 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 9.8.3 &#40;Build 4028&#41;\r\nCharset: utf-8\r\n\r\nwj8DBQFNdceBS2KysvBH1xkRAs3MAJ0ezxEepDLaIgTNPd0v4QBrdw6ssQCfRgPw\r\nXlxhmCY1Md8s4gnoyjDGvnE=\r\n=kJHZ\r\n-----END PGP SIGNATURE-----", "modified": "2011-03-10T00:00:00", "published": "2011-03-10T00:00:00", "id": "SECURITYVULNS:DOC:25898", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25898", "title": "VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:40:54", "bulletinFamily": "unix", "description": "Pluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was untrusted\n(for example, when pam_namespace was configured for setuid applications\nsuch as su or sudo), a local, unprivileged user could possibly use this\nflaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_env and pam_mail modules used root\nprivileges while accessing user's files. A local, unprivileged user could\nuse this flaw to obtain information, from the lines that have the KEY=VALUE\nformat expected by pam_env, from an arbitrary file. Also, in certain\nconfigurations, a local, unprivileged user using a service for which the\npam_mail module was configured for, could use this flaw to obtain limited\ninformation about files or directories that they do not have access to.\n(CVE-2010-3435)\n\nNote: As part of the fix for CVE-2010-3435, this update changes the default\nvalue of pam_env's configuration option user_readenv to 0, causing the\nmodule to not read user's ~/.pam_environment configuration file by default,\nas reading it may introduce unexpected changes to the environment of the\nservice using PAM, or PAM modules consulted after pam_env.\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local, unprivileged\nuser could use this flaw to execute the xauth command with root privileges\nand make it read an arbitrary input file. (CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2018-06-06T20:24:25", "published": "2010-11-16T05:00:00", "id": "RHSA-2010:0891", "href": "https://access.redhat.com/errata/RHSA-2010:0891", "type": "redhat", "title": "(RHSA-2010:0891) Moderate: pam security update", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:49", "bulletinFamily": "unix", "description": "Pluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was untrusted\n(for example, when pam_namespace was configured for setuid applications\nsuch as su or sudo), a local, unprivileged user could possibly use this\nflaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local, unprivileged\nuser could use this flaw to obtain limited information about files or\ndirectories that they do not have access to. (CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local, unprivileged\nuser could use this flaw to execute the xauth command with root privileges\nand make it read an arbitrary input file. (CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:14:32", "published": "2010-11-01T04:00:00", "id": "RHSA-2010:0819", "href": "https://access.redhat.com/errata/RHSA-2010:0819", "type": "redhat", "title": "(RHSA-2010:0819) Moderate: pam security update", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-04-03T05:17:44", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0819\n\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nIt was discovered that the pam_namespace module executed the external\nscript namespace.init with an unchanged environment inherited from an\napplication calling PAM. In cases where such an environment was untrusted\n(for example, when pam_namespace was configured for setuid applications\nsuch as su or sudo), a local, unprivileged user could possibly use this\nflaw to escalate their privileges. (CVE-2010-3853)\n\nIt was discovered that the pam_mail module used root privileges while\naccessing users' files. In certain configurations, a local, unprivileged\nuser could use this flaw to obtain limited information about files or\ndirectories that they do not have access to. (CVE-2010-3435)\n\nIt was discovered that the pam_xauth module did not verify the return\nvalues of the setuid() and setgid() system calls. A local, unprivileged\nuser could use this flaw to execute the xauth command with root privileges\nand make it read an arbitrary input file. (CVE-2010-3316)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting the CVE-2010-3435 issue.\n\nAll pam users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017139.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017140.html\n\n**Affected packages:**\npam\npam-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0819.html", "modified": "2010-11-01T17:57:39", "published": "2010-11-01T17:56:05", "href": "http://lists.centos.org/pipermail/centos-announce/2010-November/017139.html", "id": "CESA-2010:0819", "title": "pam security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:57", "bulletinFamily": "unix", "description": "Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887)\n\nIt was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435)\n\nIt was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853)\n\nIt was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706)\n\nIt was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707)", "modified": "2011-05-30T00:00:00", "published": "2011-05-30T00:00:00", "id": "USN-1140-1", "href": "https://usn.ubuntu.com/1140-1/", "title": "PAM vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:24", "bulletinFamily": "unix", "description": "USN-1140-1 fixed vulnerabilities in PAM. A regression was found that caused cron to stop working with a \u201cModule is unknown\u201d error. As a result, systems configured with automatic updates will not receive updates until cron is restarted, these updates are installed or the system is rebooted. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMarcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887)\n\nIt was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435)\n\nIt was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853)\n\nIt was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706)\n\nIt was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707)", "modified": "2011-05-31T00:00:00", "published": "2011-05-31T00:00:00", "id": "USN-1140-2", "href": "https://usn.ubuntu.com/1140-2/", "title": "PAM regression", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "description": "### Background\n\nLinux-PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Linux-PAM. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could use specially crafted files to cause a buffer overflow, possibly resulting in privilege escalation or Denial of Service. Furthermore, a local attacker could execute specially crafted programs or symlink attacks, possibly resulting in data loss or disclosure of sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Linux-PAM users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/pam-1.1.5\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 25, 2011. It is likely that your system is already no longer affected by this issue.", "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "GLSA-201206-31", "href": "https://security.gentoo.org/glsa/201206-31", "type": "gentoo", "title": "Linux-PAM: Multiple vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:14:44", "bulletinFamily": "unix", "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n\n", "modified": "2011-11-03T00:08:35", "published": "2011-11-03T00:08:35", "id": "OPENSUSE-SU-2011:1208-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00005.html", "type": "suse", "title": "pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:14:55", "bulletinFamily": "unix", "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "modified": "2011-11-02T23:08:31", "published": "2011-11-02T23:08:31", "id": "SUSE-SU-2011:1205-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00003.html", "title": "Security update for pam (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "modified": "2011-11-03T00:08:24", "published": "2011-11-03T00:08:24", "id": "SUSE-SU-2011:1207-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00004.html", "type": "suse", "title": "Security update for pam (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "modified": "2011-11-03T00:08:45", "published": "2011-11-03T00:08:45", "id": "SUSE-SU-2011:1209-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00006.html", "type": "suse", "title": "Security update for pam (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-04-13T00:53:51", "bulletinFamily": "unix", "description": "The pam_env module was vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "modified": "2011-11-04T15:08:22", "published": "2011-11-04T15:08:22", "id": "SUSE-SU-2011:1218-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00010.html", "type": "suse", "title": "Security update for pam (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:35", "bulletinFamily": "unix", "description": "a. Service Location Protocol daemon DoS \nThis patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. \nVMware would like to thank Nicolas Gregoire and US CERT for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project ([cve.mitre.org](<http://www.cve.mitre.org/>)) has assigned the names CVE-2010-3609 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "modified": "2012-01-30T00:00:00", "published": "2011-03-07T00:00:00", "id": "VMSA-2011-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2011-0004.html", "title": "VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", "type": "vmware", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}