Vulnerabilities

CVE-2010-3853

by Fred · 24/01/2011

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

Date published : 2011-01-24

http://www.securityfocus.com/archive/1/516909/100/0/threaded

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13

Similar

Tags: Cybersecurity Alert