DEBIAN-CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

DEBIAN-CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

Privilege escalation

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

Design/Logic Flaw

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

CVE-2010-3316

CVE-2010-3316 affects the pam_xauth module of Linux-PAM before 1.1.2. The issue is in pam_xauth.c: the run_coprocess function does not validate the return values of setuid, setgid, and setgroups, which may allow a local attacker to read arbitrary files by exploiting the pam_xauth PAM check. The c...

CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

pam: pam_xauth missing return value checks from setuid() and similar calls

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

CVE-2002-0080

CVE-2002-0080 affects rsync when run in daemon mode: it does not call setgroups before dropping privileges, potentially letting local users inherit supplementary group privileges and read files they shouldn’t. The vulnerability is demonstrated across multiple advisories (Mandrake/MDKSA-2002:024, ...