CVE Vulnerabilities

CVE-2010-3316

Published: Jan 24, 2011 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.3 LOW
AV:L/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
3.3 MODERATE
AV:L/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
LOW

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.

Affected Software

Name Vendor Start Version End Version
Linux-pam Linux-pam * 1.1.1 (including)
Linux-pam Linux-pam 0.99.1.0 (including) 0.99.1.0 (including)
Linux-pam Linux-pam 0.99.2.0 (including) 0.99.2.0 (including)
Linux-pam Linux-pam 0.99.2.1 (including) 0.99.2.1 (including)
Linux-pam Linux-pam 0.99.3.0 (including) 0.99.3.0 (including)
Linux-pam Linux-pam 0.99.4.0 (including) 0.99.4.0 (including)
Linux-pam Linux-pam 0.99.5.0 (including) 0.99.5.0 (including)
Linux-pam Linux-pam 0.99.6.0 (including) 0.99.6.0 (including)
Linux-pam Linux-pam 0.99.6.1 (including) 0.99.6.1 (including)
Linux-pam Linux-pam 0.99.6.2 (including) 0.99.6.2 (including)
Linux-pam Linux-pam 0.99.6.3 (including) 0.99.6.3 (including)
Linux-pam Linux-pam 0.99.7.0 (including) 0.99.7.0 (including)
Linux-pam Linux-pam 0.99.7.1 (including) 0.99.7.1 (including)
Linux-pam Linux-pam 0.99.8.0 (including) 0.99.8.0 (including)
Linux-pam Linux-pam 0.99.8.1 (including) 0.99.8.1 (including)
Linux-pam Linux-pam 0.99.9.0 (including) 0.99.9.0 (including)
Linux-pam Linux-pam 0.99.10.0 (including) 0.99.10.0 (including)
Linux-pam Linux-pam 1.0.0 (including) 1.0.0 (including)
Linux-pam Linux-pam 1.0.1 (including) 1.0.1 (including)
Linux-pam Linux-pam 1.0.2 (including) 1.0.2 (including)
Linux-pam Linux-pam 1.0.3 (including) 1.0.3 (including)
Linux-pam Linux-pam 1.0.4 (including) 1.0.4 (including)
Linux-pam Linux-pam 1.1.0 (including) 1.1.0 (including)
Red Hat Enterprise Linux 5 RedHat pam-0:0.99.6.2-6.el5_5.2 *
Red Hat Enterprise Linux 6 RedHat pam-0:1.1.1-4.el6_0.1 *
Pam Ubuntu dapper *
Pam Ubuntu hardy *
Pam Ubuntu karmic *
Pam Ubuntu lucid *
Pam Ubuntu maverick *
Pam Ubuntu upstream *

References