CVE-2010-4707

2011-01-2400:00:00

ubuntu.com

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM
(aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a
regular file, which might allow local users to cause a denial of service
(resource consumption) via a special file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611136>

Notes

Author	Note
sbeattie	pam_xauth not enabled in the default install
mdeslaur	see complete patch list in CVE-2010-3435

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpam< 0.99.7.1-5ubuntu6.3UNKNOWN
ubuntu10.04noarchpam< 1.1.1-2ubuntu5.2UNKNOWN
ubuntu10.10noarchpam< 1.1.1-4ubuntu2.2UNKNOWN
ubuntu11.04noarchpam< 1.1.2-2ubuntu8.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	pam	< 0.99.7.1-5ubuntu6.3	UNKNOWN
ubuntu	10.04	noarch	pam	< 1.1.1-2ubuntu5.2	UNKNOWN
ubuntu	10.10	noarch	pam	< 1.1.1-4ubuntu2.2	UNKNOWN
ubuntu	11.04	noarch	pam	< 1.1.2-2ubuntu8.2	UNKNOWN