CVE-2010-0832

Priority
High
Description
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in
PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on
Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary
files via a symlink attack on .cache in a user's home directory, related to
"user file stamps" and the motd.legal-notice file.
Ubuntu-Description
Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not
correctly handle path permissions when creating user file stamps. A
local attacker could exploit this to gain root privilieges.
References
Notes
kees> Ubuntu-specific patch.
Assigned-to
kees
Package
Source: pam (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):released (1.1.1-2ubuntu5)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:46 UTC (commit 5347)