The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2011-01-24 18:00
Updated : 2023-12-10 11:03
NVD link : CVE-2010-3316
Mitre link : CVE-2010-3316
CVE.ORG link : CVE-2010-3316
JSON object : View
Products Affected
linux-pam
- linux-pam
CWE