Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 18.04 LTS: 4552-1 Critical: Pam-Python Execution Risk

ubuntu
Calendar Grey September 28, 2020
Dist Ubuntu Esm H88
A vulnerability in Pam-python within Ubuntu 18.04 enables local users to run programs with root permissions. It is advised to apply updates to mitigate potential security risks.
Pam-python could be made to crash or run programs as an administrator if certain environment variables are set.

Summary

Pam-python could be made to crash or run programs as an administrator

if certain environment variables are set.

Software Description:

- pam-python: Enables PAM modules to be written in Python

Details:

Malte Kraus discovered that Pam-python mishandled certain environment variables.

A local attacker could potentially use this vulnerability to execute programs

as root.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libpam-python                   1.0.6-1.1+deb10u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4552-1

CVE-2019-16729

Severity
critical
Lowest
Low
Medium
High
Critical

September 28, 2020

Package Information

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here