Denis Excoffier

**Name of the Vulnerable Software and Affected Versions** libpam-modules versions prior to 1.1.0-2ubuntu1.1 on Ubuntu 9.10 libpam-modules versions prior to 1.1.1-2ubuntu5 on Ubuntu 10.04 LTS **Description** The issue allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory. This is related to "user file stamps" and the motd.legal-notice file. **Recommendations** For libpam-modules versions prior to 1.1.0-2ubuntu1.1 on Ubuntu 9.10, update to version 1.1.0-2ubuntu1.1 or later. For libpam-modules versions prior to 1.1.1-2ubuntu5 on Ubuntu 10.04 LTS, update to version 1.1.1-2ubuntu5 or later.