pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2011-01-24 18:00
Updated : 2024-02-28 11:41
NVD link : CVE-2010-3853
Mitre link : CVE-2010-3853
CVE.ORG link : CVE-2010-3853
JSON object : View
Products Affected
linux-pam
- linux-pam
CWE