CVE-2010-4707

Priority
Low
Description
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM
(aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a
regular file, which might allow local users to cause a denial of service
(resource consumption) via a special file.
References
Bugs
Notes
 sbeattie> pam_xauth not enabled in the default install
 mdeslaur> see complete patch list in CVE-2010-3435
Package
Source: pam (LP Ubuntu Debian)
Upstream:released (1.1.3)
Patches:
Upstream:http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=ffe7058c70253d574b1963c7c93002bd410fddc9
More Information

Updated: 2017-08-11 23:45:22 UTC (commit 13081)