Multiple vulnerabilities in git.kernel linux-pam
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2010-3435 CVE-2010-3316 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
linux-pam Other software / Other software solutions |
| Vendor | git.kernel.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU45413
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-3435
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.
MitigationInstall update from vendor's website.
Vulnerable software versionslinux-pam: 0.99.1.0 - 1.1.0
CPE2.3- cpe:2.3:a:git.kernel.org:linux-pam:0.99.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:git.kernel.org:linux-pam:0.99.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:git.kernel.org:linux-pam:0.99.2.1:*:*:*:*:*:*:*
https://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
https://lists.vmware.com/pipermail/security-announce/2011/000126.html
https://openwall.com/lists/oss-security/2010/09/21/3
https://openwall.com/lists/oss-security/2010/09/27/10
https://openwall.com/lists/oss-security/2010/09/27/4
https://openwall.com/lists/oss-security/2010/09/27/5
https://openwall.com/lists/oss-security/2010/09/27/7
https://openwall.com/lists/oss-security/2010/09/27/8
https://openwall.com/lists/oss-security/2010/10/25/2
https://secunia.com/advisories/49711
https://security.gentoo.org/glsa/glsa-201206-31.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2010:220
https://www.openwall.com/lists/oss-security/2010/09/24/2
https://www.redhat.com/support/errata/RHSA-2010-0819.html
https://www.redhat.com/support/errata/RHSA-2010-0891.html
https://www.securityfocus.com/archive/1/516909/100/0/threaded
https://www.vmware.com/security/advisories/VMSA-2011-0004.html
https://www.vupen.com/english/advisories/2011/0606
https://bugzilla.redhat.com/show_bug.cgi?id=641335
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU45415
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-3316
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
MitigationInstall update from vendor's website.
Vulnerable software versionslinux-pam: 0.99.1.0 - 1.1.0
CPE2.3- cpe:2.3:a:git.kernel.org:linux-pam:0.99.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:git.kernel.org:linux-pam:0.99.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:git.kernel.org:linux-pam:0.99.2.1:*:*:*:*:*:*:*
https://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
https://lists.vmware.com/pipermail/security-announce/2011/000126.html
https://openwall.com/lists/oss-security/2010/08/16/2
https://openwall.com/lists/oss-security/2010/09/21/3
https://openwall.com/lists/oss-security/2010/09/21/8
https://openwall.com/lists/oss-security/2010/09/27/10
https://openwall.com/lists/oss-security/2010/09/27/4
https://openwall.com/lists/oss-security/2010/09/27/5
https://openwall.com/lists/oss-security/2010/09/27/7
https://openwall.com/lists/oss-security/2010/10/25/2
https://secunia.com/advisories/49711
https://security.gentoo.org/glsa/glsa-201206-31.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2010:220
https://www.openwall.com/lists/oss-security/2010/09/24/2
https://www.redhat.com/support/errata/RHSA-2010-0819.html
https://www.redhat.com/support/errata/RHSA-2010-0891.html
https://www.securityfocus.com/archive/1/516909/100/0/threaded
https://www.vmware.com/security/advisories/VMSA-2011-0004.html
https://www.vupen.com/english/advisories/2011/0606
https://bugzilla.redhat.com/show_bug.cgi?id=637898
https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
