PT-2010-1043 · Linux Pam+1 · Pam+1
Tomas Hoger +1 · Published 2010-11-01 · Updated 2024-06-15
CVE-2010-3853
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
pam versions prior to 1.1.3
Red Hat Enterprise Linux (affected versions not specified)
Description
The issue concerns multiple vulnerabilities in the pam package of Red Hat Enterprise Linux. They can be exploited locally and may compromise the confidentiality, integrity, and availability of protected information. Specifically, the pam_namespace module in Linux-PAM uses the environment of the invoking application or service when it executes the namespace.init script. A local user might gain privileges by running a setuid program that relies on the pam_namespace PAM check.
Recommendations
For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the pam_namespace module until a patch is available.
Avoid using setuid programs that rely on the pam_namespace PAM check in vulnerable versions.
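To apply the recommendations above, an administrator first needs to know which PAM services actually load pam_namespace. The following audit helper is an added example, not part of the advisory or of Linux-PAM. It assumes service files live in a directory such as /etc/pam.d, that included files are named relative to it, and that `sort -V` is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit helper for CVE-2010-3853 (function names are hypothetical).
FIXED_VERSION="1.1.3"   # first fixed upstream Linux-PAM release, per the advisory

# Return 0 when upstream version $1 is older than FIXED_VERSION.
# Distribution packages may carry a backported fix under an older upstream
# version, so a "vulnerable" result means: check the vendor errata.
pam_version_vulnerable() {
    [ "$1" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Succeed when service file $2 in directory $1 loads pam_namespace.so in an
# active rule, directly or via include/substack/@include. $3 caps recursion.
# The body is a subshell, so variables stay local and "exit" sets the status.
loads_namespace() (
    dir=$1 file=$2 depth=${3:-5}
    [ -f "$dir/$file" ] && [ "$depth" -gt 0 ] || exit 1
    # Strip comments first so disabled rules are not reported.
    rules=$(sed 's/#.*//' "$dir/$file")
    printf '%s\n' "$rules" |
        grep -Eq '(^|[[:space:]/])pam_namespace\.so([[:space:]]|$)' && exit 0
    # Follow references to other service files (relative names assumed).
    for inc in $(printf '%s\n' "$rules" | awk '
            $1 == "@include" { print $2 }
            $2 == "include" || $2 == "substack" { print $3 }'); do
        loads_namespace "$dir" "$inc" $((depth - 1)) && exit 0
    done
    exit 1
)

# Print each service under $1 (default /etc/pam.d) that reaches pam_namespace.
pam_namespace_services() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if loads_namespace "$dir" "$name"; then echo "$name"; fi
    done
}

# Example: pam_namespace_services /etc/pam.d
```

Services listed by `pam_namespace_services` are the ones to review when restricting the module; setuid programs that authenticate through those services are the exposure the advisory describes.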
Fix
Related Identifiers
Affected Products
Red Hat
Pam