PT-2010-2556 · Canonical · Libpam-Modules

Denis Excoffier

Published

2010-07-12

Updated

2017-08-17

CVE-2010-0832

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libpam-modules versions prior to 1.1.0-2ubuntu1.1 on Ubuntu 9.10 libpam-modules versions prior to 1.1.1-2ubuntu5 on Ubuntu 10.04 LTS

Description The issue allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory. This is related to "user file stamps" and the motd.legal-notice file.

Recommendations For libpam-modules versions prior to 1.1.0-2ubuntu1.1 on Ubuntu 9.10, update to version 1.1.0-2ubuntu1.1 or later. For libpam-modules versions prior to 1.1.1-2ubuntu5 on Ubuntu 10.04 LTS, update to version 1.1.1-2ubuntu5 or later.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2010-0832

Affected Products

Libpam-Modules

PT-2010-2556 · Canonical · Libpam-Modules

CVE-2010-0832

Weakness Enumeration

Related Identifiers

Affected Products

References · 12