This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was discovered that the pam_namespace module executed the external
script namespace.init with an unchanged environment inherited from an
application calling PAM. In cases where such an environment was
untrusted (for example, when pam_namespace was configured for setuid
applications such as su or sudo), a local, unprivileged user could
possibly use this flaw to escalate their privileges. (CVE-2010-3853)
It was discovered that the pam_mail module used root privileges while
accessing users' files. In certain configurations, a local,
unprivileged user could use this flaw to obtain limited information
about files or directories that they do not have access to.
It was discovered that the pam_xauth module did not verify the return
values of the setuid() and setgid() system calls. A local,
unprivileged user could use this flaw to execute the xauth command
with root privileges and make it read an arbitrary input file.
See also :
Update the affected pam and / or pam-devel packages.
Risk factor :
Medium / CVSS Base Score : 6.9
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60882 ()
CVE ID: CVE-2010-3316CVE-2010-3435CVE-2010-3853
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.