pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) prior to 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux-pam linux-pam 1.0.4 |
||
linux-pam linux-pam 1.0.2 |
||
linux-pam linux-pam 1.1.0 |
||
linux-pam linux-pam 0.99.7.1 |
||
linux-pam linux-pam 0.99.8.0 |
||
linux-pam linux-pam 1.0.3 |
||
linux-pam linux-pam 1.1.1 |
||
linux-pam linux-pam 0.99.6.3 |
||
linux-pam linux-pam 0.99.7.0 |
||
linux-pam linux-pam 0.99.4.0 |
||
linux-pam linux-pam |
||
linux-pam linux-pam 0.99.9.0 |
||
linux-pam linux-pam 0.99.8.1 |
||
linux-pam linux-pam 0.99.6.1 |
||
linux-pam linux-pam 0.99.6.2 |
||
linux-pam linux-pam 0.99.2.1 |
||
linux-pam linux-pam 0.99.3.0 |
||
linux-pam linux-pam 1.0.1 |
||
linux-pam linux-pam 1.0.0 |
||
linux-pam linux-pam 0.99.5.0 |
||
linux-pam linux-pam 0.99.6.0 |
||
linux-pam linux-pam 0.99.10.0 |
||
linux-pam linux-pam 0.99.1.0 |
||
linux-pam linux-pam 0.99.2.0 |