Vulnerability Details : CVE-2010-3853
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
Exploit prediction scoring system (EPSS) score for CVE-2010-3853
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3853
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
References for CVE-2010-3853
-
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13
CVS Info for project pamPatch
-
http://www.redhat.com/support/errata/RHSA-2010-0891.html
Support
-
http://security.gentoo.org/glsa/glsa-201206-31.xml
Linux-PAM: Multiple vulnerabilities (GLSA 201206-31) — Gentoo security
-
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
[Security-announce] VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
mandriva.com
-
http://www.securityfocus.com/archive/1/516909/100/0/threaded
SecurityFocus
-
http://www.vupen.com/english/advisories/2011/0606
Webmail | OVH- OVH
-
http://www.redhat.com/support/errata/RHSA-2010-0819.html
Support
-
https://bugzilla.redhat.com/show_bug.cgi?id=643043
643043 – (CVE-2010-3853) CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environmentPatch
-
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
VMSA-2011-0004.3
Products affected by CVE-2010-3853
- cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*