The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2011-01-24 18:00
Updated : 2023-02-13 04:23
NVD link : CVE-2010-3316
Mitre link : CVE-2010-3316
CVE.ORG link : CVE-2010-3316
JSON object : View
Products Affected
linux-pam
- linux-pam
CWE