CVE-2010-3435
NONE EPSS 27.6%
Published Jan 24, 2011 · Last Modified Jun 16, 2026
Description
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.
Threat Intelligence
EPSS Exploit Probability: 27.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products (23)
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux-pam | linux-pam | * | ≤1.1.1 |
| linux-pam | linux-pam | 0.99.1.0 | any |
| linux-pam | linux-pam | 0.99.2.0 | any |
| linux-pam | linux-pam | 0.99.2.1 | any |
| linux-pam | linux-pam | 0.99.3.0 | any |
| linux-pam | linux-pam | 0.99.4.0 | any |
| linux-pam | linux-pam | 0.99.5.0 | any |
| linux-pam | linux-pam | 0.99.6.0 | any |
| linux-pam | linux-pam | 0.99.6.1 | any |
| linux-pam | linux-pam | 0.99.6.2 | any |
| linux-pam | linux-pam | 0.99.6.3 | any |
| linux-pam | linux-pam | 0.99.7.0 | any |
| linux-pam | linux-pam | 0.99.7.1 | any |
| linux-pam | linux-pam | 0.99.8.0 | any |
| linux-pam | linux-pam | 0.99.8.1 | any |
| linux-pam | linux-pam | 0.99.9.0 | any |
| linux-pam | linux-pam | 0.99.10.0 | any |
| linux-pam | linux-pam | 1.0.0 | any |
| linux-pam | linux-pam | 1.0.1 | any |
| linux-pam | linux-pam | 1.0.2 | any |
| linux-pam | linux-pam | 1.0.3 | any |
| linux-pam | linux-pam | 1.0.4 | any |
| linux-pam | linux-pam | 1.1.0 | any |
References (19)
- git.altlinux.org http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6
- lists.vmware.com http://lists.vmware.com/pipermail/security-announce/2011/000126.html
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/10
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/8
- openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
- secunia.com http://secunia.com/advisories/49711
- security.gentoo.org http://security.gentoo.org/glsa/glsa-201206-31.xml
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
- openwall.com http://www.openwall.com/lists/oss-security/2010/09/24/2
- redhat.com http://www.redhat.com/support/errata/RHSA-2010-0819.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2010-0891.html
- securityfocus.com http://www.securityfocus.com/archive/1/516909/100/0/threaded
- vmware.com http://www.vmware.com/security/advisories/VMSA-2011-0004.html
- vupen.com http://www.vupen.com/english/advisories/2011/0606
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641335
Remediation
- openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
- openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
- openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641335