25 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3428

Malware in sbrugna...

CVSS 4.7 | AI score 6.3 | EPSS 0.00059
Exploits 0 | References 18

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2010-3433

Malware in sbrugna...

CVSS 4.7 | AI score 4.6 | EPSS 0.00087
Exploits 0 | References 24

Tenable Nessus
added 2025/03/03 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2010-3435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary us...

CVSS 4.7 | AI score 6 | EPSS 0.00087
Exploits 0 | References 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 26 views

RHEL 3 : pam (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pam_env and pam_mail accessing users' file with root privileges (CVE-2010-3435) - The run_coprocess...

CVSS 4.7 | AI score 5.3 | EPSS 0.00087
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:57 a.m. | 1 views

SUSE CVE-2010-3430

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

CVSS 4.7 | AI score 6.2 | EPSS 0.00059
Exploits 0 | References 4

Tenable Nessus
added 2012/08/01 12:0 a.m. | 26 views

Scientific Linux Security Update : pam on SL6.x i386/x86_64

It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted, for example, when pam_namespace was configured for setuid applications such as su or...

CVSS 6.9 | AI score 5.8 | EPSS 0.00087
Exploits 0 | References 4

Oracle Linux
added 2011/02/10 12:0 a.m. | 36 views

pam security update

1.1.1-4.1 - fix insecure dropping of privileges in pam_xauth, pam_env, and pam_mail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 643043...

CVSS 7.2 | AI score 2.5 | EPSS 0.00098
Exploits 0

NVD
added 2011/01/24 6:0 p.m. | 19 views

CVE-2010-3435

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

CVSS 4.7 | AI score 5.5 | EPSS 0.00087
Exploits 0 | References 19

NVD
added 2011/01/24 6:0 p.m. | 19 views

CVE-2010-3431

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

CVSS 1.9 | AI score 5.5 | EPSS 0.00078
Exploits 0 | References 16

NVD
added 2011/01/24 6:0 p.m. | 15 views

CVE-2010-3430

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

CVSS 4.7 | AI score 5.5 | EPSS 0.00059
Exploits 0 | References 16

Prion
added 2011/01/24 6:0 p.m. | 14 views

Privilege escalation

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

CVSS 4.7 | AI score 5.9 | EPSS 0.00087
Exploits 0 | References 16 | Affected Software 1

Prion
added 2011/01/24 6:0 p.m. | 17 views

Privilege escalation

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

CVSS 1.9 | AI score 5.8 | EPSS 0.00087
Exploits 0 | References 16 | Affected Software 1

Prion
added 2011/01/24 6:0 p.m. | 17 views

Directory traversal

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

CVSS 4.7 | AI score 5.8 | EPSS 0.00087
Exploits 0 | References 19 | Affected Software 1

Debian CVE
added 2011/01/24 5:0 p.m. | 25 views

CVE-2010-3435

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

CVSS 4.7 | AI score 5.7 | EPSS 0.00087
Exploits 0

Cvelist
added 2011/01/24 5:0 p.m. | 31 views

CVE-2010-3435

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

AI score 5.5 | EPSS 0.00087
Exploits 0 | References 19

Debian CVE
added 2011/01/24 5:0 p.m. | 28 views

CVE-2010-3430

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

CVSS 4.7 | AI score 5.5 | EPSS 0.00059
Exploits 0

CVE
added 2011/01/24 5:0 p.m. | 95 views

CVE-2010-3435

CVE-2010-3435 affects Linux-PAM (pam) 0.99.x through 1.1.1, where the (1) pam_env and (2) pam_mail modules perform read access with root privileges to files/dirs owned by arbitrary users. This can enable local users to obtain sensitive information via filesystem activity, demonstrated by a symlin...

CVSS 4.7 | AI score 5.5 | EPSS 0.00087
Exploits 0 | References 19 | Affected Software 1

CVE
added 2011/01/24 5:0 p.m. | 86 views

CVE-2010-3431

The CVE-2010-3431 entry concerns Linux-PAM (pam) privilege elevation via pam_env/pam_mail. Affected if using pam before 1.1.2 where setfsuid return values are not checked, enabling local users to obtain sensitive information through root-privilege filesystem activity (notably a symlink attack on ...

CVSS 1.9 | AI score 5.5 | EPSS 0.00078
Exploits 0 | References 16 | Affected Software 1

UbuntuCve
added 2011/01/24 12:0 a.m. | 24 views

CVE-2010-3435

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

CVSS 4.7 | AI score 5.9 | EPSS 0.00087
Exploits 0 | References 3

Tenable Nessus
added 2010/11/18 12:0 a.m. | 36 views

Fedora 12 : pam-1.1.1-6.fc12 (2010-17133)

This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations or configurations generated by authconfig are not affected by the pam_mail and pam_namespace vulnerabilities. Note that Tenable Network Security has extracted the preceding...

CVSS 6.9 | AI score 5.3 | EPSS 0.00087
Exploits 0 | References 7