CVE-2010-4706
Publication date 24 January 2011
Last updated 24 July 2024
Ubuntu priority
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.
Status
Package | Ubuntu Release | Status |
---|---|---|
pam | 11.04 natty |
Fixed 1.1.2-2ubuntu8.2
|
10.10 maverick |
Fixed 1.1.1-4ubuntu2.2
|
|
10.04 LTS lucid |
Fixed 1.1.1-2ubuntu5.2
|
|
9.10 karmic | Ignored end of life | |
8.04 LTS hardy |
Fixed 0.99.7.1-5ubuntu6.3
|
|
6.06 LTS dapper | Ignored end of life |
Notes
Patch details
Package | Patch details |
---|---|
pam |
References
Related Ubuntu Security Notices (USN)
- USN-1140-1
- PAM vulnerabilities
- 30 May 2011