Local File Deletion Vulnerability in Linux-PAM pam_xauth Module
CVE-2010-4706

Currently unrated

Key Information:

Vendor: Linux-pam

Status
Vendor
CVE Published: 24 January 2011

What is CVE-2010-4706?

In Linux-PAM versions 1.1.2 and earlier, the pam_sm_close_session function of the pam_xauth module may fail to correctly determine a specific target user ID. A local user could exploit this weakness through the pam_xauth PAM check, potentially causing unintended file deletion by executing a malicious program that leverages the flaw.
