Local Resource Consumption Risk in Linux-PAM's pam_xauth Module
CVE-2010-4707

Currently unrated

Key Information:

Vendor: Linux-pam
Status: Linux-pam
Vendor: CVE Published:; 24 January 2011

What is CVE-2010-4707?

The pam_xauth module in Linux-PAM (version 1.1.2 and earlier) has a vulnerability in the check_acl function, which fails to confirm that a specified Access Control List (ACL) file is a regular file type. This oversight can potentially allow local users to exploit the system by the creation of special file types, leading to resource consumption issues and, consequently, denial of service for the system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65036

vdb-entryx_refsource_XF

http://security.gentoo.org/glsa/glsa-201206-31.xml

vendor-advisoryx_refsource_GENTOO

http://openwall.com/lists/oss-security/2010/10/03/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2011
Vulnerability Reserved
Jan 24, 2011

Linux-pam

What is CVE-2010-4707?

References

Timeline