[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3853Date: (C)2011-01-24   (M)2023-12-22


pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://www.securityfocus.com/archive/1/516909/100/0/threaded
SECUNIA-49711
ADV-2011-0606
GLSA-201206-31
MDVSA-2010:220
RHSA-2010:0819
RHSA-2010:0891
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=643043

OVAL    10
oval:org.secpod.oval:def:300275
oval:org.secpod.oval:def:500311
oval:org.secpod.oval:def:100766
oval:org.secpod.oval:def:100124
...

© SecPod Technologies