25 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m., 25 views

RHEL 4 : pam (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pam_env and pam_mail accessing users' file with root privileges (CVE-2010-3435) - pam: pam_xauth: Does no...

4.7 CVSS, 6.8 AI score, 0.00366 EPSS
Exploits 0, References 4
Tenable Nessus
added 2024/06/03 12:0 a.m., 27 views

RHEL 3 : pam (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pam_env and pam_mail accessing users' file with root privileges (CVE-2010-3435) - The run_coprocess...

4.7 CVSS, 5.3 AI score, 0.00366 EPSS
Exploits 0, References 3
Tenable Nessus
added 2019/10/15 12:0 a.m., 30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : pam Multiple Vulnerabilities (NS-SA-2019-0198)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pam packages installed that are affected by multiple vulnerabilities: - pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow,...

7.2 CVSS, 6.3 AI score, 0.04087 EPSS
Exploits 2, References 8
OpenVAS
added 2015/10/06 12:0 a.m., 29 views

Oracle: Security Advisory (ELSA-2010-0891)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2 CVSS, 5.1 AI score, 0.00416 EPSS
Exploits 0, References 2
Tenable Nessus
added 2013/07/12 12:0 a.m., 42 views

Oracle Linux 5 : pam (ELSA-2010-0819)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0819 advisory. - fix insecure dropping of privileges in pam_xauth and pam_mail - CVE-2010-3316 637898, CVE-2010-3435 641335 Tenable has extracted the preceding...

6.9 CVSS, 5.5 AI score, 0.00416 EPSS
Exploits 0, References 5
Tenable Nessus
added 2012/08/01 12:0 a.m., 27 views

Scientific Linux Security Update : pam on SL6.x i386/x86_64

It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted, for example, when pam_namespace was configured for setuid applications such as su or...

6.9 CVSS, 5.8 AI score, 0.00416 EPSS
Exploits 0, References 4
Tenable Nessus
added 2012/08/01 12:0 a.m., 29 views

Scientific Linux Security Update : pam on SL5.x i386/x86_64

It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted, for example, when pam_namespace was configured for setuid applications such as su or...

6.9 CVSS, 5.8 AI score, 0.00416 EPSS
Exploits 0, References 4
OpenVAS
added 2011/06/06 12:0 a.m., 30 views

Ubuntu: Security Advisory (USN-1140-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9 CVSS, 6.7 AI score, 0.01929 EPSS
Exploits 1, References 2
Tenable Nessus
added 2011/03/08 12:0 a.m., 30 views

VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm.

a. Service Location Protocol daemon DoS. This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. VMware would like to thank Nicolas Gregoire and US CERT for reporting...

7.2 CVSS, 6.1 AI score, 0.17223 EPSS
Exploits 1, References 11
Oracle Linux
added 2011/02/10 12:0 a.m., 38 views

pam security update

1.1.1-4.1 - fix insecure dropping of privileges in pam_xauth, pam_env, and pam_mail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 643043...

7.2 CVSS, 2.5 AI score, 0.00416 EPSS
Exploits 0
Prion
added 2011/01/24 6:0 p.m., 18 views

Privilege escalation

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

4.7 CVSS, 5.9 AI score, 0.00356 EPSS
Exploits 0, References 16, Affected Software 1
CVE
added 2011/01/24 5:0 p.m., 110 views

CVE-2010-3430

CVE-2010-3430 documents a privilege drop flaw in Linux-PAM (pam_env and pam_mail) where setfsgid/setgroups aren’t called, enabling local users to glean sensitive info via a symlink attack on ~/.pam_environment. The issue stems from Linux-PAM before version 1.1.2 pam_env/pam_mail reading files wit...

4.7 CVSS, 5.5 AI score, 0.0034 EPSS
Exploits 0, References 16, Affected Software 1
CVE
added 2011/01/24 5:0 p.m., 101 views

CVE-2010-3435

CVE-2010-3435 affects Linux-PAM (pam) 0.99.x through 1.1.1, where the (1) pam_env and (2) pam_mail modules perform read access with root privileges to files/dirs owned by arbitrary users. This can enable local users to obtain sensitive information via filesystem activity, demonstrated by a symlin...

4.7 CVSS, 5.5 AI score, 0.00356 EPSS
Exploits 0, References 19, Affected Software 1
UbuntuCve
added 2011/01/24 12:0 a.m., 26 views

CVE-2010-3435

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

4.7 CVSS, 5.9 AI score, 0.00356 EPSS
Exploits 0, References 3
OpenVAS
added 2010/12/02 12:0 a.m., 28 views

Fedora Update for pam FEDORA-2010-17155

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.9 CVSS, 6.5 AI score, 0.00416 EPSS
Exploits 0, References 2
Tenable Nessus
added 2010/11/24 12:0 a.m., 28 views

CentOS 5 : pam (CESA-2010:0819)

Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

6.9 CVSS, 5.9 AI score, 0.00416 EPSS
Exploits 0, References 6
OpenVAS
added 2010/11/23 12:0 a.m., 28 views

Fedora Update for pam FEDORA-2010-17133

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.9 CVSS, 6.5 AI score, 0.00416 EPSS
Exploits 0, References 2
RedHat Linux
added 2010/11/16 5:51 p.m., 42 views

Moderate: Red Hat Security Advisory: pam security update

Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

7.2 CVSS, 6.2 AI score, 0.00416 EPSS
Exploits 0, References 4
OpenVAS
added 2010/11/16 12:0 a.m., 38 views

Mandriva Update for pam MDVSA-2010:220 (pam)

Check for the Version of pam OpenVAS Vulnerability Test Mandriva Update for pam MDVSA-2010:220 pam Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

6.9 CVSS, 6.5 AI score, 0.00416 EPSS
Exploits 0, References 2
OpenVAS
added 2010/11/16 12:0 a.m., 31 views

RedHat Update for pam RHSA-2010:0819-01

Check for the Version of pam OpenVAS Vulnerability Test RedHat Update for pam RHSA-2010:0819-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

6.9 CVSS, 0.1 AI score, 0.00416 EPSS
Exploits 0, References 2