The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-24T17:00:00

Updated: 2024-08-07T03:03:18.998Z

Reserved: 2010-09-13T00:00:00

Link: CVE-2010-3316

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-01-24T18:00:01.847

Modified: 2024-11-21T01:18:29.823

Link: CVE-2010-3316

cve-icon Redhat

Severity : Moderate

Publid Date: 2010-07-20T00:00:00Z

Links: CVE-2010-3316 - Bugzilla