Launchpad CVE tracker

CVE 2010-0832

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

Related bugs and status

CVE-2010-0832 (Candidate) is related to these bugs:

Bug #481854: pam_motd patch to show /etc/legal fails to set flag

Summary				In	Importance	Status
	481854	pam_motd patch to show /etc/legal fails to set flag		pam (Ubuntu)	Undecided	Fix Released

Bug #790538: pam update causes cron to stop working with "Module is unknown" error

		In	Importance	Status
790538	pam update causes cron to stop working with "Module is unknown" error	pam (Ubuntu)	Critical	Fix Released
790538	pam update causes cron to stop working with "Module is unknown" error	pam (Ubuntu Hardy)	Critical	Fix Released
790538	pam update causes cron to stop working with "Module is unknown" error	pam (Ubuntu Lucid)	Critical	Fix Released
790538	pam update causes cron to stop working with "Module is unknown" error	pam (Ubuntu Natty)	Critical	Fix Released
790538	pam update causes cron to stop working with "Module is unknown" error	pam (Ubuntu Maverick)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

EXPLOIT-DB: 14273
MISC: http://twitter.com/jon...
MISC: http://www.h-online.co...
UBUNTU: USN-959-1
BID: 41465
OSVDB: 66116
SECUNIA: 40512
VUPEN: ADV-2010-1747
XF: pammotd-motdlegalnotic...

Launchpad.net

CVE 2010-0832

Related bugs and status

Related bugs

References