English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68319
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2010:220 (pam)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to pam
announced via advisory MDVSA-2010:220.

Multiple vulnerabilities were discovered and corrected in pam:

The pam_xauth module did not verify the return values of the setuid()
and setgid() system calls. A local, unprivileged user could use this
flaw to execute the xauth command with root privileges and make it
read an arbitrary input file (CVE-2010-3316).

The pam_mail module used root privileges while accessing users'
files. In certain configurations, a local, unprivileged user could
use this flaw to obtain limited information about files or directories
that they do not have access to (CVE-2010-3435).

The pam_namespace module executed the external script namespace.init
with an unchanged environment inherited from an application calling
PAM. In cases where such an environment was untrusted (for example,
when pam_namespace was configured for setuid applications such as su
or sudo), a local, unprivileged user could possibly use this flaw to
escalate their privileges (CVE-2010-3853).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Affected: 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:220

Risk factor : High

CVSS Score:
6.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3316
20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
http://www.securityfocus.com/archive/1/516909/100/0/threaded
49711
http://secunia.com/advisories/49711
ADV-2011-0606
http://www.vupen.com/english/advisories/2011/0606
GLSA-201206-31
http://security.gentoo.org/glsa/glsa-201206-31.xml
MDVSA-2010:220
http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
RHSA-2010:0819
http://www.redhat.com/support/errata/RHSA-2010-0819.html
RHSA-2010:0891
http://www.redhat.com/support/errata/RHSA-2010-0891.html
[oss-security] 20100816 Minor security flaw with pam_xauth
http://openwall.com/lists/oss-security/2010/08/16/2
[oss-security] 20100921 Re: Minor security flaw with pam_xauth
http://openwall.com/lists/oss-security/2010/09/21/3
http://openwall.com/lists/oss-security/2010/09/21/8
[oss-security] 20100924 Re: Minor security flaw with pam_xauth
http://www.openwall.com/lists/oss-security/2010/09/24/2
[oss-security] 20100927 Re: Minor security flaw with pam_xauth
http://openwall.com/lists/oss-security/2010/09/27/4
http://openwall.com/lists/oss-security/2010/09/27/5
[oss-security] 20100928 Re: Minor security flaw with pam_xauth
http://openwall.com/lists/oss-security/2010/09/27/10
http://openwall.com/lists/oss-security/2010/09/27/7
[oss-security] 20101025 Re: Minor security flaw with pam_xauth
http://openwall.com/lists/oss-security/2010/10/25/2
[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=637898
https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663
Common Vulnerability Exposure (CVE) ID: CVE-2010-3435
http://openwall.com/lists/oss-security/2010/09/27/8
https://bugzilla.redhat.com/show_bug.cgi?id=641335
Common Vulnerability Exposure (CVE) ID: CVE-2010-3853
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13
https://bugzilla.redhat.com/show_bug.cgi?id=643043
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.