3.3 - CVE-2010-3316

Executive Summary

Informations
Name	CVE-2010-3316	First vendor Publication	2011-01-24
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score	3.3	Attack Range	Local
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19932

Oval ID:	oval:org.mitre.oval:def:19932
Title:	VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
Description:	The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-3316	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201110207-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201110207-SG is not installed OR Patch ESX400-201103404-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201103404-SG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Linux-Pam cpe:2.3:a:linux-pam:linux-pam:1.1.1:::::::* cpe:2.3:a:linux-pam:linux-pam:1.1.0:::::::* cpe:2.3:a:linux-pam:linux-pam:1.0.4:::::::* cpe:2.3:a:linux-pam:linux-pam:1.0.3:::::::* cpe:2.3:a:linux-pam:linux-pam:1.0.2:::::::* cpe:2.3:a:linux-pam:linux-pam:1.0.1:::::::* cpe:2.3:a:linux-pam:linux-pam:1.0.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:::::::* cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:::::::* cpe:2.3:a:linux-pam:linux-pam::::::::	24

OpenVAS Exploits

Date	Description
2012-08-10	Name : Gentoo Security Advisory GLSA 201206-31 (pam) File : nvt/glsa_201206_31.nasl
2012-03-16	Name : VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX... File : nvt/gb_VMSA-2011-0004.nasl
2011-06-06	Name : Ubuntu Update for pam USN-1140-1 File : nvt/gb_ubuntu_USN_1140_1.nasl
2011-06-06	Name : Ubuntu Update for pam USN-1140-2 File : nvt/gb_ubuntu_USN_1140_2.nasl
2010-12-02	Name : Fedora Update for pam FEDORA-2010-17155 File : nvt/gb_fedora_2010_17155_pam_fc14.nasl
2010-11-23	Name : Fedora Update for pam FEDORA-2010-17133 File : nvt/gb_fedora_2010_17133_pam_fc12.nasl
2010-11-16	Name : RedHat Update for pam RHSA-2010:0819-01 File : nvt/gb_RHSA-2010_0819-01_pam.nasl
2010-11-16	Name : Fedora Update for pam FEDORA-2010-17112 File : nvt/gb_fedora_2010_17112_pam_fc13.nasl
2010-11-16	Name : Mandriva Update for pam MDVSA-2010:220 (pam) File : nvt/gb_mandriva_MDVSA_2010_220.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
68994	Linux-PAM pam_xauth Module run_coprocess() Function Process Limit Bypass Linux-PAM contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the "pam_xauth" module incorrectly checks the return values of the "setuid()" and "setgid()" functions when dropping privileges, allowing a remote attacker to gain escalated privileges.

Information Assurance Vulnerability Management (IAVM)

Date	Description
2011-05-12	IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158

Nessus® Vulnerability Scanner

Date	Description
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0004_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_pam-111025.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0891.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0819.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101101_pam_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101116_pam_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-31.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_pam-111025.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_pam-7814.nasl - Type : ACT_GATHER_INFO
2011-11-03	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_pam-7815.nasl - Type : ACT_GATHER_INFO
2011-06-13	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1140-1.nasl - Type : ACT_GATHER_INFO
2011-06-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1140-2.nasl - Type : ACT_GATHER_INFO
2011-03-08	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2010-11-24	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0819.nasl - Type : ACT_GATHER_INFO
2010-11-18	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0891.nasl - Type : ACT_GATHER_INFO
2010-11-18	Name : The remote Fedora host is missing a security update. File : fedora_2010-17133.nasl - Type : ACT_GATHER_INFO
2010-11-08	Name : The remote Fedora host is missing a security update. File : fedora_2010-17155.nasl - Type : ACT_GATHER_INFO
2010-11-05	Name : The remote Fedora host is missing a security update. File : fedora_2010-17112.nasl - Type : ACT_GATHER_INFO
2010-11-04	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-220.nasl - Type : ACT_GATHER_INFO
2010-11-02	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0819.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BUGTRAQ	http://www.securityfocus.com/archive/1/516909/100/0/threaded
CONFIRM	http://www.vmware.com/security/advisories/VMSA-2011-0004.html https://bugzilla.redhat.com/show_bug.cgi?id=637898
GENTOO	http://security.gentoo.org/glsa/glsa-201206-31.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
MISC	http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f... https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=666...
MLIST	http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://openwall.com/lists/oss-security/2010/08/16/2 http://openwall.com/lists/oss-security/2010/09/21/3 http://openwall.com/lists/oss-security/2010/09/21/8 http://openwall.com/lists/oss-security/2010/09/27/10 http://openwall.com/lists/oss-security/2010/09/27/4 http://openwall.com/lists/oss-security/2010/09/27/5 http://openwall.com/lists/oss-security/2010/09/27/7 http://openwall.com/lists/oss-security/2010/10/25/2 http://www.openwall.com/lists/oss-security/2010/09/24/2
REDHAT	http://www.redhat.com/support/errata/RHSA-2010-0819.html http://www.redhat.com/support/errata/RHSA-2010-0891.html
SECUNIA	http://secunia.com/advisories/49711
VUPEN	http://www.vupen.com/english/advisories/2011/0606

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-02-13 09:29:01	Multiple Updates
2021-05-05 01:07:21	Multiple Updates
2021-05-04 12:12:19	Multiple Updates
2021-04-22 01:13:05	Multiple Updates
2020-12-23 01:05:50	Multiple Updates
2020-05-23 01:42:38	Multiple Updates
2020-05-23 00:26:27	Multiple Updates
2019-01-03 21:18:53	Multiple Updates
2018-10-11 00:19:55	Multiple Updates
2016-04-26 20:04:41	Multiple Updates
2016-03-05 13:26:42	Multiple Updates
2014-06-14 13:29:14	Multiple Updates
2014-02-17 10:57:18	Multiple Updates
2013-11-11 12:38:55	Multiple Updates
2013-05-10 23:32:08	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	24
Sources(s)	21
osvdb(s)	1
Openvas Exploit(s)	9
IAVM(s)	1
Nessus® Exploit(s)	20

	Related
7.2	VMSA-2011-0004
7.2	GLSA-201206-31
6.9	USN-1140-2
6.9	USN-1140-1
6.9	RHSA-2010:0891
6.9	RHSA-2010:0819
6.9	MDVSA-2010:220
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)

3.3 - CVE-2010-3316

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU