Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-0832

Publication date 7 July 2010

Last updated 24 July 2024


Ubuntu priority

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

From the Ubuntu Security Team

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privilieges.

Read the notes from the security team

Status

Package Ubuntu Release Status
pam 10.04 LTS lucid
Fixed 1.1.1-2ubuntu5
9.10 karmic
Fixed 1.1.0-2ubuntu1.1
9.04 jaunty
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper
Not affected

Notes


kees

Ubuntu-specific patch.

References

Related Ubuntu Security Notices (USN)

Other references