CVE-2010-3430
NONE EPSS 25.9%
Published Jan 24, 2011 15y ago
Last Modified Jun 16, 2026 2w ago
Description
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.
Threat Intelligence
EPSS Exploit Probability
25.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux-pam | linux-pam | 1.1.2 | any |
References 16
- git.altlinux.org http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=843807a3a90f52e7538be756616510730a24739a
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/10
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/8
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/9
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/10
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
- openwall.com http://openwall.com/lists/oss-security/2010/10/03/1
- openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
- secunia.com http://secunia.com/advisories/49711
- security.gentoo.org http://security.gentoo.org/glsa/glsa-201206-31.xml
- openwall.com http://www.openwall.com/lists/oss-security/2010/09/21/11
- openwall.com http://www.openwall.com/lists/oss-security/2010/09/24/2
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641361
Remediation
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/8
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
- openwall.com http://openwall.com/lists/oss-security/2010/10/03/1
- openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641361