Severity: Unknown
Affected Package: pam
Summary: PAM does not validate service names, allowing escape from the policy path
pam_start() does not validate the service name, so a caller can supply a name containing path separators and escape the intended PAM policy directory. This can be exploited by unprivileged local users through set-user-ID PAM applications (for example in KDE) to load an attacker-controlled policy and gain elevated privileges.
No specific recommendations provided.
Aliases: CVE-2011-4122
Published: December 23, 2011
Last Modified: December 23, 2011