Skip to main content

CVE-2010-3316

Severity Low
Score 3.3/10

Summary

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.

  • MEDIUM
  • LOCAL
  • NONE
  • PARTIAL
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published