CVE-2010-0832

Publication date 7 July 2010

Last updated 24 July 2024

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

From the Ubuntu Security Team

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privilieges.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pam	10.04 LTS lucid	Fixed 1.1.1-2ubuntu5
	9.10 karmic	Fixed 1.1.0-2ubuntu1.1
	9.04 jaunty	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

Notes

kees

Ubuntu-specific patch.

References

Related Ubuntu Security Notices (USN)

USN-959-1
PAM vulnerability
7 July 2010

USN-959-2
PAM vulnerability
25 October 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-0832