Lucene search
Ubuntu.comUB:CVE-2010-3316HistoryJan 24, 2011 - 12:00 a.m.
CVE-2010-3316
2011-01-2400:00:00
ubuntu.com
ubuntu.com
7
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
9.3%
The run_coprocess function in pam_xauth.c in the pam_xauth module in
Linux-PAM (aka pam) before 1.1.2 does not check the return values of the
setuid, setgid, and setgroups system calls, which might allow local users
to read arbitrary files by executing a program that relies on the pam_xauth
PAM check.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599832>
- http://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663
Notes
| Author | Note |
|---|---|
| mdeslaur | patch below also includes partial fix for CVE-2010-3435, but introduces CVE-2010-3430 and CVE-2010-3431 see complete patch list in CVE-2010-3435 |
Related
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
prion
prion
Privilege escalation
2011-01-24 18:00:00
Privilege escalation
2011-01-24 18:00:00
Design/Logic Flaw
2011-01-24 18:00:00
ubuntu
ubuntu
PAM vulnerabilities
2011-05-30 00:00:00
PAM regression
2011-05-31 00:00:00
openvas
openvas
Ubuntu Update for pam USN-1140-1
2011-06-06 00:00:00
Ubuntu Update for pam USN-1140-2
2011-06-06 00:00:00
Ubuntu: Security Advisory (USN-1140-2)
2011-06-06 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam regression (USN-1140-2)
2011-06-13 00:00:00
Mandriva Linux Security Advisory : pam (MDVSA-2010:220)
2010-11-04 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: pam-1.1.1-6.fc13
2010-11-04 23:28:57
[SECURITY] Fedora 12 Update: pam-1.1.1-6.fc12
2010-11-17 23:16:19
[SECURITY] Fedora 14 Update: pam-1.1.1-6.fc14
2010-11-06 23:42:52
securityvulns
securityvulns
PAM authentuication modules multiple security vulnerabilities
2010-11-08 00:00:00
[ MDVSA-2010:220 ] pam
2010-11-08 00:00:00
gentoo
gentoo
Linux-PAM: Multiple vulnerabilities
2012-06-25 00:00:00
oraclelinux
oraclelinux
pam security update
2010-11-01 00:00:00
pam security update
2011-02-10 00:00:00
redhat
redhat
(RHSA-2010:0819) Moderate: pam security update
2010-11-01 00:00:00
(RHSA-2010:0891) Moderate: pam security update
2010-11-16 00:00:00
centos
centos
pam security update
2010-11-01 21:56:05
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:47:50
Information Disclosure
2020-04-10 00:47:51
vmware
vmware
suse
suse
Security update for pam (important)
2011-11-03 00:08:45
Security update for pam (important)
2011-11-04 15:08:22
Security update for pam (important)
2011-11-02 23:08:31
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
9.3%
Related for UB:CVE-2010-3316