Local root vulnerability in pam-python

A vulnerability (CVE-2019-16729) has been identified in the PAM module provided by the pam-python project, which allows authentication modules to be written in Python. The vulnerability lets a local user escalate privileges on the system. When a vulnerable version of pam-python is in use (it is not installed by default), a local user can gain root access by manipulating environment variables that Python processes by default (for example, by triggering the saving of a bytecode file in order to overwrite system files).

The vulnerability is present in the latest stable release, 1.0.6, which has been available since August 2016. The issue was found during an audit of the pam-python PAM module carried out by developers from the openSUSE Security Team, and it has already been fixed in update 1.0.7. The status of pam-python package updates can be tracked on the following pages: Debian, Ubuntu, SUSE/openSUSE. Fedora and RHEL do not ship the module.
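To check whether a host is exposed, an administrator can look for PAM services that load the module and compare the installed version with the fixed release 1.0.7. The following is an added example, not code from the pam-python project or the original article; the module file name `pam_python.so`, the `/etc/pam.d` layout and the sample configuration are assumptions.

```python
import re
from pathlib import Path

FIXED = (1, 0, 7)          # first fixed upstream release named in the article
MODULE = "pam_python.so"   # assumed module file name (not given on the page)

def upstream_version(text):
    """'1.0.6-1.1' or '1:1.0.6-1' -> (1, 0, 6): drop epoch and packaging suffix."""
    m = re.match(r"(?:\d+:)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_vulnerable(version):
    """True when the upstream part of the version is older than 1.0.7."""
    return upstream_version(version) < FIXED

def services_using_pam_python(configs):
    """Map service -> list of Python scripts handed to pam_python.so.

    configs maps a service name to the text of its PAM configuration file.
    """
    hits = {}
    for service, text in configs.items():
        for raw in text.splitlines():
            tokens = raw.split("#", 1)[0].split()   # '#' starts a comment
            for i, tok in enumerate(tokens):
                if tok.rsplit("/", 1)[-1] == MODULE:
                    script = tokens[i + 1] if i + 1 < len(tokens) else None
                    hits.setdefault(service, []).append(script)
    return hits

def load_pam_dir(path="/etc/pam.d"):
    """Read every regular file in a PAM configuration directory."""
    return {p.name: p.read_text(errors="replace")
            for p in Path(path).iterdir() if p.is_file()}

# Constructed sample input, not taken from a real system.
SAMPLE = {
    "sshd": "auth required pam_unix.so\n# auth required pam_python.so /old.py\n",
    "login": "auth [success=1 default=ignore] /lib/security/pam_python.so "
             "/usr/local/lib/check.py  # site policy\n",
}

if __name__ == "__main__":
    for svc, scripts in services_using_pam_python(SAMPLE).items():
        print(f"{svc}: loads {MODULE} with {scripts}")
    print("1.0.6-1.1 vulnerable:", is_vulnerable("1.0.6-1.1"))
```

On a real host, pass `load_pam_dir()` instead of `SAMPLE`. A distribution package may carry a backported fix under an older upstream version number, so confirm the result against the distribution's tracker page.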

Source: opennet.ru
