3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
9.3%
The run_coprocess function in pam_xauth.c in the pam_xauth module in
Linux-PAM (aka pam) before 1.1.2 does not check the return values of the
setuid, setgid, and setgroups system calls, which might allow local users
to read arbitrary files by executing a program that relies on the pam_xauth
PAM check.
Author | Note |
---|---|
mdeslaur | patch below also includes partial fix for CVE-2010-3435, but introduces CVE-2010-3430 and CVE-2010-3431 see complete patch list in CVE-2010-3435 |