SUSE CVE-2010-3431

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

DEBIAN-CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

DEBIAN-CVE-2010-3431

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

PT-2010-1042 · Linux +1 · Linux-Pam +1

Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.1.2 Red Hat Enterprise Linux pam-devel version 1.1.1 Red Hat Enterprise Linux pam-debuginfo version 1.1.1 Red Hat Enterprise Linux pam version 1.1.1 Description: The issue concerns multiple vulnerabilities in the...