Executive Summary

Summary
Title: PAM vulnerability
Information
Name: USN-959-1
First vendor Publication: 2010-07-07
Vendor: Ubuntu
Last vendor Modification: 2010-07-07
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 6.9
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 3.4
Authentication: None Required

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
libpam-modules 1.1.0-2ubuntu1.1

Ubuntu 10.04 LTS:
libpam-modules 1.1.1-2ubuntu5

In general, a standard system update will make all the necessary changes.

Details follow:

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges.

Original Source

Url : http://www.ubuntu.com/usn/USN-959-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12944
 
Oval ID: oval:org.mitre.oval:def:12944
Title: USN-959-2 -- pam vulnerability
Description: USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10. Original advisory details: Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges.
Family: unix Class: patch
Reference(s): USN-959-2, CVE-2010-0832
Version: 5
Platform(s): Ubuntu 10.10
Product(s): pam
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:13248
 
Oval ID: oval:org.mitre.oval:def:13248
Title: USN-959-1 -- pam vulnerability
Description: Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges.
Family: unix Class: patch
Reference(s): USN-959-1, CVE-2010-0832
Version: 5
Platform(s): Ubuntu 9.10, Ubuntu 10.04
Product(s): pam
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Os 2

ExploitDB Exploits

id Description
2010-07-12 Ubuntu PAM MOTD Local Root Exploit
2010-07-08 Ubuntu PAM MOTD File Tampering (Privilege Escalation)

OpenVAS Exploits

Date Description
2010-11-23 Name : Ubuntu Update for pam vulnerability USN-959-2
File : nvt/gb_ubuntu_USN_959_2.nasl
2010-07-12 Name : Ubuntu Update for pam vulnerability USN-959-1
File : nvt/gb_ubuntu_USN_959_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
66116 Ubuntu pam MOTD Module User File Stamps Symlink Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2010-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-959-2.nasl - Type : ACT_GATHER_INFO
2010-07-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-959-1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:06:55
  • Multiple Updates