CVE-2010-3430

NONE EPSS 25.9%
Published Jan 24, 2011 15y ago
Last Modified Jun 16, 2026 2w ago

Description

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.

Threat Intelligence

EPSS Exploit Probability
25.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 1

Vendor     Product    Version  Range
linux-pam  linux-pam  1.1.2    any

References 16

  • git.altlinux.org http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=843807a3a90f52e7538be756616510730a24739a
  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/10
  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/8
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/9
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/10
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/10/03/1
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
    Patch
  • secunia.com http://secunia.com/advisories/49711
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-201206-31.xml
  • openwall.com http://www.openwall.com/lists/oss-security/2010/09/21/11
  • openwall.com http://www.openwall.com/lists/oss-security/2010/09/24/2
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641361
    Patch

Remediation

  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/8
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/10/03/1
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
    Patch
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641361
    Patch