CVE-2010-0832
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation
Public Exploits: 6
Exploited in Wild: -
Descriptions
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10. Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges.
SSVC
- Decision:-
Timeline
- 2010-03-03 CVE Reserved
- 2010-07-08 CVE Published
- 2010-07-08 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (13)
URL | Tag | Source |
---|---|---|
http://twitter.com/jonoberheide/statuses/18009527979 | X_refsource_misc | |
http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html | X_refsource_misc | |
http://www.osvdb.org/66116 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/60194 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/91613 | 2010-07-08 | |
https://packetstorm.news/files/id/91677 | 2010-07-13 | |
https://www.exploit-db.com/exploits/14339 | 2010-07-12 | |
https://www.exploit-db.com/exploits/14273 | 2010-07-10 | |
http://www.exploit-db.com/exploits/14273 | 2024-08-07 | |
http://www.securityfocus.com/bid/41465 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/40512 | 2017-08-17 | |
http://www.ubuntu.com/usn/USN-959-1 | 2017-08-17 | |
http://www.vupen.com/english/advisories/2010/1747 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Canonical | Ubuntu Linux | 10.04 | lts | Affected |
Canonical | Ubuntu Linux | 9.10 | - | Affected |