CVE-2010-3853 in Linux-PAMinfo

Summary

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

10/08/2010

Disclosure

01/24/2011

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
56216	Linux-PAM setuid Program pam_namespace.c Local Privilege Escalation		Proof-of-Concept	Official fix	CVE-2010-3853

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!