Executive Summary

Informations
Name CVE-2010-3853 First vendor Publication 2011-01-24
Vendor Cve Last vendor Modification 2019-01-03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19576
 
Oval ID: oval:org.mitre.oval:def:19576
Title: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
Description: pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3853
 Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 25

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-31 (pam)
File : nvt/glsa_201206_31.nasl
2012-03-16 Name : VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX...
File : nvt/gb_VMSA-2011-0004.nasl
2011-06-06 Name : Ubuntu Update for pam USN-1140-1
File : nvt/gb_ubuntu_USN_1140_1.nasl
2011-06-06 Name : Ubuntu Update for pam USN-1140-2
File : nvt/gb_ubuntu_USN_1140_2.nasl
2010-12-02 Name : Fedora Update for pam FEDORA-2010-17155
File : nvt/gb_fedora_2010_17155_pam_fc14.nasl
2010-11-23 Name : Fedora Update for pam FEDORA-2010-17133
File : nvt/gb_fedora_2010_17133_pam_fc12.nasl
2010-11-16 Name : RedHat Update for pam RHSA-2010:0819-01
File : nvt/gb_RHSA-2010_0819-01_pam.nasl
2010-11-16 Name : Fedora Update for pam FEDORA-2010-17112
File : nvt/gb_fedora_2010_17112_pam_fc13.nasl
2010-11-16 Name : Mandriva Update for pam MDVSA-2010:220 (pam)
File : nvt/gb_mandriva_MDVSA_2010_220.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68992 Linux-PAM pam_namespace Module namespace Init Script Environment Handling Loc...

Linux-PAM contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error in the 'pam_namespace' module when executing the namespace init script occurs, allowing a local attacker to use crafted environment variables when running a setuid program to gain elevated privileges.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0004_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0819.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0891.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101101_pam_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101116_pam_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-31.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1140-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1140-2.nasl - Type : ACT_GATHER_INFO
2011-03-08 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0819.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17133.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0891.nasl - Type : ACT_GATHER_INFO
2010-11-08 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17155.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17112.nasl - Type : ACT_GATHER_INFO
2010-11-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-220.nasl - Type : ACT_GATHER_INFO
2010-11-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0819.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/516909/100/0/threaded
CONFIRM http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam...
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=643043
GENTOO http://security.gentoo.org/glsa/glsa-201206-31.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
MLIST http://lists.vmware.com/pipermail/security-announce/2011/000126.html
REDHAT http://www.redhat.com/support/errata/RHSA-2010-0819.html
http://www.redhat.com/support/errata/RHSA-2010-0891.html
SECUNIA http://secunia.com/advisories/49711
VUPEN http://www.vupen.com/english/advisories/2011/0606

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2021-05-05 01:07:39
  • Multiple Updates
2021-05-04 12:12:53
  • Multiple Updates
2021-04-22 01:13:20
  • Multiple Updates
2020-12-23 01:05:57
  • Multiple Updates
2020-05-23 01:42:51
  • Multiple Updates
2020-05-23 00:26:42
  • Multiple Updates
2019-01-03 21:18:53
  • Multiple Updates
2018-10-11 00:19:58
  • Multiple Updates
2016-04-26 20:10:04
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2014-02-17 10:58:07
  • Multiple Updates
2013-11-11 12:39:00
  • Multiple Updates
2013-05-10 23:34:57
  • Multiple Updates