Vulnerability Details : CVE-2010-4707
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4707
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4707
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2010-4707
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4707
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65036
Linux-PAM check_acl function denial of service CVE-2010-4707 Vulnerability Report
-
http://security.gentoo.org/glsa/glsa-201206-31.xml
Linux-PAM: Multiple vulnerabilities (GLSA 201206-31) — Gentoo security
-
http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9
git.altlinux.org - pam.git/commitPatch
-
http://openwall.com/lists/oss-security/2010/10/03/1
oss-security - Re: Minor security flaw with pam_xauthPatch
-
http://www.securityfocus.com/bid/46045
Linux-PAM 'pam_xauth' Module Denial of Service and Security Bypass Vulnerabilities
Products affected by CVE-2010-4707
- cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*