Linux-PAM pam_namespace Module Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in the Linux-PAM pam_namespace module. The issue arises because the module may mishandle user-controlled paths, creating opportunities for local users to exploit symlink attacks and race conditions. This exploitation can lead to unauthorized elevation of privileges to root. The vulnerability is present in Red Hat Enterprise Linux 7, 8, and 9.

Impact

Exploitation of this vulnerability allows local, unprivileged users to gain root privileges by manipulating filesystem paths in polyinstantiated directories under their control. This could be particularly damaging in multi-user environments or shared systems, where it could serve as a single point of compromise.

Remediation

Users are advised to disable the pam_namespace module if it is not essential for their environment. If the module is needed, it should be carefully reviewed and configured to avoid operating on directories or paths that can be influenced by unprivileged users, such as home directories or world-writable locations like /tmp.