CVE-2011-3628

Publication date 24 October 2011

Last updated 24 July 2024

Ubuntu priority

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as “session optional pam_motd.so”, allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
pam	11.10 oneiric	Fixed 1.1.3-2ubuntu2.1
	11.04 natty	Fixed 1.1.2-2ubuntu8.4
	10.10 maverick	Fixed 1.1.1-4ubuntu2.4
	10.04 LTS lucid	Fixed 1.1.1-2ubuntu5.4
	8.04 LTS hardy	Not affected

Notes

mdeslaur

code not present in hardy

References

Related Ubuntu Security Notices (USN)

USN-1237-1
PAM vulnerabilities
24 October 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-3628