Local Privilege Escalation Vulnerability in Linux-PAM by Linux
CVE-2010-3853

Currently unrated

Key Information:

Vendor: Linux-pam
Status: Linux-pam
Vendor: CVE Published:; 24 January 2011

What is CVE-2010-3853?

The pam_namespace module in Linux-PAM versions prior to 1.1.3 uses the environment of the calling application or service during the execution of the namespace.init script. This design flaw can enable local users to gain elevated privileges by executing a setuid program that relies on the pam_namespace PAM check, potentially allowing them unauthorized actions within the system.

References

http://security.gentoo.org/glsa/glsa-201206-31.xml

vendor-advisoryx_refsource_GENTOO

http://lists.vmware.com/pipermail/security-announce/2011/...

mailing-listx_refsource_MLIST

http://www.vupen.com/english/advisories/2011/0606

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2011
Vulnerability Reserved
Oct 8, 2010

Linux-pam

What is CVE-2010-3853?

References

Timeline