CVE-2019-16729

Name: CVE-2019-16729
Creator: NVD / NIST
Published: 2019-09-24T05:15:11.283+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.36%

Last modified Jun 17, 2026

CVE-2019-16729 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.

Description

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.36%

27.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Pam-Python Project	Pam-Python	< 1.0.7-1
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0
Debian	Debian Linux	10.0
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	18.04

References

https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1Issue Tracking, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00020.htmlMailing List, Third Party Advisory
https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/Patch
https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/Mailing List, Third Party Advisory
https://usn.ubuntu.com/4552-1/Third Party Advisory
https://usn.ubuntu.com/4552-2/Third Party Advisory
https://www.debian.org/security/2019/dsa-4555Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1Issue Tracking, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00020.htmlMailing List, Third Party Advisory
https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/Patch
https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/Mailing List, Third Party Advisory
https://usn.ubuntu.com/4552-1/Third Party Advisory
https://usn.ubuntu.com/4552-2/Third Party Advisory
https://www.debian.org/security/2019/dsa-4555Third Party Advisory

Timeline

Published: Sep 24, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-16729?

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

How severe is CVE-2019-16729?

CVE-2019-16729 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.36% probability of exploitation in the next 30 days.

How do I fix CVE-2019-16729?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-16729?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST