QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3853

Published: Jan 24, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_VUPEN

20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=643043

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

http://www.vmware.com/security/advisories/VMSA-2011-0004.html

x_refsource_CONFIRM

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.