CVE-2010-3316

Publication date 24 January 2011

Last updated 24 July 2024


Ubuntu priority

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.

Read the notes from the security team

Status

Package Ubuntu Release Status
pam 11.04 natty
Not affected
10.10 maverick
Fixed 1.1.1-4ubuntu2.2
10.04 LTS lucid
Fixed 1.1.1-2ubuntu5.2
9.10 karmic Ignored end of life
8.04 LTS hardy
Fixed 0.99.7.1-5ubuntu6.3
6.06 LTS dapper Ignored end of life

Notes


mdeslaur

patch below also includes partial fix for CVE-2010-3435, but introduces CVE-2010-3430 and CVE-2010-3431 see complete patch list in CVE-2010-3435

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
pam

References

Related Ubuntu Security Notices (USN)

Other references