Mandriva Linux Security Advisory 2010-220
Posted Nov 5, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-220 - The pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. The pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. The pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges.

tags | advisory, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2010-3316, CVE-2010-3435, CVE-2010-3853
MD5 | 4b077cee3cf07929bc711118658fe070
© 2019 Packet Storm. All rights reserved.
