Ubuntu Security Notice (C) 2011-2016 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Marcus Granado discovered that PAM incorrectly handled configuration
files with non-ASCII usernames. A remote attacker could use this flaw
to cause a denial of service, or possibly obtain login access with a
different users username. This issue only affected Ubuntu 8.04 LTS.
It was discovered that the PAM pam_xauth, pam_env and pam_mail modules
incorrectly handled dropping privileges when performing operations. A
local attacker could use this flaw to read certain arbitrary files,
and access other sensitive information. (CVE-2010-3316, CVE-2010-3430,
It was discovered that the PAM pam_namespace module incorrectly
cleaned the environment during execution of the namespace.init script.
A local attacker could use this flaw to possibly gain privileges.
It was discovered that the PAM pam_xauth module incorrectly handled
certain failures. A local attacker could use this flaw to delete
certain unintended files. (CVE-2010-4706)
It was discovered that the PAM pam_xauth module incorrectly verified
certain file properties. A local attacker could use this flaw to cause
a denial of service. (CVE-2010-4707).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected libpam-modules package.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 6.0
Public Exploit Available : false
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 55102 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now