CVE-2019-16729

Опубликовано: 24 сент. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00020.html
Mailing List
Third Party Advisory
https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
Patch
https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4552-1/
Third Party Advisory
https://usn.ubuntu.com/4552-2/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4555
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00020.html
Mailing List
Third Party Advisory
https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
Patch
https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4552-1/
Third Party Advisory
https://usn.ubuntu.com/4552-2/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4555
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pam-python_project:pam-python:*:*:*:*:*:*:*:*

Версия до 1.0.7-1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 30%

0.00112

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-16729

CVSS3: 7.8

ubuntu

больше 6 лет назад

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

CVE-2019-16729

CVSS3: 7.8

debian

больше 6 лет назад

pam-python before 1.0.7-1 has an issue in regard to the default enviro ...

GHSA-fmm4-q9rf-m62f

CVSS3: 7.8

github

больше 3 лет назад

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

BDU:2020-01330

CVSS3: 7.8

fstec

больше 6 лет назад

Уязвимость PAM-модуля pam-python интерпретатора языка программирования Python, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 30%

0.00112

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo