Your submission was sent successfully! Close

CVE-2019-16729

Published: 24 September 2019

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

From the Ubuntu security team

Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
pam-python
Launchpad, Ubuntu, Debian
bionic
Released (1.0.6-1.1+deb10u1build0.18.04.1)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Not vulnerable
(1.0.7-1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (1.0.4-1.1+deb8u1build0.16.04.1)