25 matches found
RHEL 4 : pam (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pamenv and pammail accessing users' file with root privileges CVE-2010-3435 - pam: pamxauth: Does no...
RHEL 3 : pam (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pamenv and pammail accessing users' file with root privileges CVE-2010-3435 - The runcoprocess...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pam Multiple Vulnerabilities (NS-SA-2019-0198)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pam packages installed that are affected by multiple vulnerabilities: - pamunix.so in Linux-PAM 0.99.7.0 allows context- dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow,...
Oracle: Security Advisory (ELSA-2010-0891)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 : pam (ELSA-2010-0819)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0819 advisory. - fix insecure dropping of priviledges in pamxauth and pammail - CVE-2010-3316 637898, CVE-2010-3435 641335 Tenable has extracted the preceding...
Scientific Linux Security Update : pam on SL6.x i386/x86_64
It was discovered that the pamnamespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted for example, when pamnamespace was configured for setuid applications such as su or...
Scientific Linux Security Update : pam on SL5.x i386/x86_64
It was discovered that the pamnamespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted for example, when pamnamespace was configured for setuid applications such as su or...
Ubuntu: Security Advisory (USN-1140-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm.
a. Service Location Protocol daemon DoS This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon SLPD. Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. VMware would like to thank Nicolas Gregoire and US CERT for reporting...
pam security update
1.1.1-4.1 - fix insecure dropping of priviledges in pamxauth, pamenv, and pammail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pamnamespace - CVE-2010-3853 643043...
Privilege escalation
The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...
CVE-2010-3430
CVE-2010-3430 documents a privilege drop flaw in Linux-PAM (pam_env and pam_mail) where setfsgid/setgroups aren’t called, enabling local users to glean sensitive info via a symlink attack on ~/.pam_environment. The issue stems from Linux-PAM before version 1.1.2 pam_env/pam_mail reading files wit...
CVE-2010-3435
CVE-2010-3435 affects Linux-PAM (pam) 0.99.x through 1.1.1, where the (1) pam_env and (2) pam_mail modules perform read access with root privileges to files/dirs owned by arbitrary users. This can enable local users to obtain sensitive information via filesystem activity, demonstrated by a symlin...
CVE-2010-3435
The 1 pamenv and 2 pammail modules in Linux-PAM aka pam before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...
Fedora Update for pam FEDORA-2010-17155
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 5 : pam (CESA-2010:0819)
Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Fedora Update for pam FEDORA-2010-17133
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Moderate: Red Hat Security Advisory: pam security update
Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Mandriva Update for pam MDVSA-2010:220 (pam)
Check for the Version of pam OpenVAS Vulnerability Test Mandriva Update for pam MDVSA-2010:220 pam Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
RedHat Update for pam RHSA-2010:0819-01
Check for the Version of pam OpenVAS Vulnerability Test RedHat Update for pam RHSA-2010:0819-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...