Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0832 — Link Following in Ubuntu Linux

CWE-59 — Link Following7 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

0.4%

top 41.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Canonical Ubuntu Linux Debian PAM

Timeline

PublishedJul 12

Latest updateMay 2

Description

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶debiandebian/pam

Also affects: Ubuntu Linux 10.04, 9.10

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3m5q-4mj3-9362: pam_motd (aka the MOTD module) in libpam-modules before 1↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)↗2010-07-12

▶

Exploit-DB

Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)↗2010-07-08

▶

📋Vendor Advisories

Ubuntu

PAM vulnerability↗2010-10-25

▶

Ubuntu

PAM vulnerability↗2010-07-07

▶

Debian

CVE-2010-0832: pam - pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM ...↗2010

▶