CVE-2010-3853

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-3853
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13 Patch
http://secunia.com/advisories/49711
http://security.gentoo.org/glsa/glsa-201206-31.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
http://www.redhat.com/support/errata/RHSA-2010-0819.html
http://www.redhat.com/support/errata/RHSA-2010-0891.html
http://www.securityfocus.com/archive/1/516909/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
http://www.vupen.com/english/advisories/2011/0606
https://bugzilla.redhat.com/show_bug.cgi?id=643043 Patch
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13 Patch
http://secunia.com/advisories/49711
http://security.gentoo.org/glsa/glsa-201206-31.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
http://www.redhat.com/support/errata/RHSA-2010-0819.html
http://www.redhat.com/support/errata/RHSA-2010-0891.html
http://www.securityfocus.com/archive/1/516909/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
http://www.vupen.com/english/advisories/2011/0606
https://bugzilla.redhat.com/show_bug.cgi?id=643043 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*
History

21 Nov 2024, 01:19

Type Values Removed Values Added
References () http://lists.vmware.com/pipermail/security-announce/2011/000126.html - () http://lists.vmware.com/pipermail/security-announce/2011/000126.html -
References () http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13 - Patch () http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13 - Patch
References () http://secunia.com/advisories/49711 - () http://secunia.com/advisories/49711 -
References () http://security.gentoo.org/glsa/glsa-201206-31.xml - () http://security.gentoo.org/glsa/glsa-201206-31.xml -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:220 - () http://www.mandriva.com/security/advisories?name=MDVSA-2010:220 -
References () http://www.redhat.com/support/errata/RHSA-2010-0819.html - () http://www.redhat.com/support/errata/RHSA-2010-0819.html -
References () http://www.redhat.com/support/errata/RHSA-2010-0891.html - () http://www.redhat.com/support/errata/RHSA-2010-0891.html -
References () http://www.securityfocus.com/archive/1/516909/100/0/threaded - () http://www.securityfocus.com/archive/1/516909/100/0/threaded -
References () http://www.vmware.com/security/advisories/VMSA-2011-0004.html - () http://www.vmware.com/security/advisories/VMSA-2011-0004.html -
References () http://www.vupen.com/english/advisories/2011/0606 - () http://www.vupen.com/english/advisories/2011/0606 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=643043 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=643043 - Patch
Information

Published : 2011-01-24 18:00

Updated : 2025-04-11 00:51

NVD link : CVE-2010-3853

Mitre link : CVE-2010-3853

CVE.ORG link : CVE-2010-3853

JSON object : View

Products Affected

linux-pam

  • linux-pam
CWE
NVD-CWE-Other