4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
10.3%
The run_coprocess function in pam_xauth.c in the pam_xauth module in
Linux-PAM (aka pam) before 1.1.2 does not check the return values of the
setuid, setgid, and setgroups system calls, which might allow local users
to read arbitrary files by executing a program that relies on the pam_xauth
PAM check.
Author | Note |
---|---|
mdeslaur | patch below also includes partial fix for CVE-2010-3435, but introduces CVE-2010-3430 and CVE-2010-3431 see complete patch list in CVE-2010-3435 |