Description: A vulnerability has been identified in Linux-PAM, which allows malicious, local users to escalate their privileges.
The problem exists if PAM has been configured with "pam_wheel" to allow trusted users to become root without supplying the root password. Furthermore, the "trust" option has to be enabled and the "use_uid" option disabled.
Creating a "link" to the "tty" of a wheel user and starting "bash" so that it reads this "tty" allows malicious users to bypass the verification and escalate their privileges.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.