PAM: Multiple Vulnerabilities

Users of PAM please be advised of a Multiple Vulnerabilities that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

RHSA-2010:0819-01: [RHSA-2010:0819-01] pam: Multiple Vulnerabilities

Product: Red Hat Enterprise Linux

Description:

It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)

It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) Read more at www.criticalwatch.com

 

See this Amp at http://amplify.com/u/ep1m