Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.9
CVE Id CVE-2011-3628
Last Modified 16 Apr 2014 11:04:35
Published 15 Apr 2014 07:55:07
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3628

Summary

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 10.10

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 8.04

Application

  • Canonical Libpam-modules 0.9.7

  • Canonical Libpam-modules 1.1.1

  • Canonical Libpam-modules 1.1.2

  • Canonical Libpam-modules 1.1.3


References

CONFIRM - https://bugs.launchpad.net/ubuntu/%2Bsource/pam/%2Bbug/610125

UBUNTU - USN-1237-1


Last Updated: 27 May 2016 11:05:00