CVE-2019-16729

Name of the Vulnerable Software and Affected Versions pam-python versions prior to 1.0.7-1

Description The issue is related to insecure privilege management in the pam-python PAM module, which allows an attacker to escalate privileges using a specially crafted binary file with the setuid flag. This can lead to local root escalation in certain PAM setups. The vulnerability is due to the default environment variable handling of Python, which can be manipulated by a local user to gain access with root privileges.

Recommendations For versions prior to 1.0.7-1, update to version 1.0.7-1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pam-python module to minimize the risk of exploitation. Avoid using the default environment variable handling of Python in PAM setups until the issue is resolved.