CVE-2010-3853

Priority
Low
Description
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before
1.1.3 uses the environment of the invoking application or service during
execution of the namespace.init script, which might allow local users to
gain privileges by running a setuid program that relies on the
pam_namespace PAM check, as demonstrated by the sudo program.
Notes
 sbeattie> doesn't look like pam_namespace is enabled by default
Package
Source: pam (LP Ubuntu Debian)
Upstream: released (1.1.3)
Patches:
Upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?r1=1.12&r2=1.13&view=patch

Updated: 2016-03-23 03:37:55 UTC (commit 10817)