Your submission was sent successfully! Close

CVE-2010-0832

Published: 7 July 2010

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

From the Ubuntu security team

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privilieges.

Priority

High

Status

Package Release Status
pam
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Not vulnerable

jaunty Not vulnerable

karmic
Released (1.1.0-2ubuntu1.1)
lucid
Released (1.1.1-2ubuntu5)
upstream Not vulnerable