{
  "modified": "2025-08-09T19:01:27Z",
  "published": "2011-01-24T19:00:01Z",
  "id": "CVE-2010-4706",
  "details": "The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/49711"
    },
    {
      "type": "ADVISORY",
      "url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
    },
    {
      "type": "FIX",
      "url": "http://openwall.com/lists/oss-security/2010/10/03/1"
    },
    {
      "type": "WEB",
      "url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46045"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65035"
    }
  ]
}