Описание
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | pam | Not affected | ||
| Red Hat Enterprise Linux 4 | pam | Not affected | ||
| Red Hat Enterprise Linux 5 | pam | Fixed | RHSA-2010:0819 | 01.11.2010 |
| Red Hat Enterprise Linux 6 | pam | Fixed | RHSA-2010:0891 | 16.11.2010 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.2 Medium
CVSS2
Связанные уязвимости
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) bef ...
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
EPSS
6.2 Medium
CVSS2