Symlink Attack in PAM Impacting Ubuntu Systems
CVE-2010-0832

Currently unrated

Key Information:

Vendor

Canonical

Status
Ubuntu Linux
Vendor
CVE Published:
12 July 2010

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2010-0832?

The MOTD module in libpam-modules prior to specific updates on Ubuntu 9.10 and 10.04 LTS exposes local users to a symlink attack. By exploiting vulnerabilities in the .cache directory of a user's home, an attacker can change the ownership of arbitrary files. This issue is related to the handling of user file stamps and the motd.legal-notice file, creating potential avenues for local privilege escalation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-0832 - Proof of Concept

Popcorn-TJNULL-OSCP-
Created by R3fr4kt

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/60194
vdb-entryx_refsource_XF
http://www.ubuntu.com/usn/USN-959-1
vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/41465
vdb-entryx_refsource_BID

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.