PT-2010-2556 · Canonical · Libpam-Modules
Denis Excoffier
·
Publicado
2010-07-12
·
Atualizado
2017-08-17
·
CVE-2010-0832
CVSS v2.0
6.9
Média
| Vetor | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
libpam-modules versions prior to 1.1.0-2ubuntu1.1 on Ubuntu 9.10
libpam-modules versions prior to 1.1.1-2ubuntu5 on Ubuntu 10.04 LTS
Description
The issue allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory. This is related to "user file stamps" and the motd.legal-notice file.
Recommendations
For libpam-modules versions prior to 1.1.0-2ubuntu1.1 on Ubuntu 9.10, update to version 1.1.0-2ubuntu1.1 or later.
For libpam-modules versions prior to 1.1.1-2ubuntu5 on Ubuntu 10.04 LTS, update to version 1.1.1-2ubuntu5 or later.
Exploit
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Libpam-Modules