CVE-2010-3435

NONE EPSS 27.6%
Published Jan 24, 2011 (15y ago) · Modified Jun 16, 2026 (2w ago)

Description

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

Threat Intelligence

EPSS Exploit Probability
27.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 23

Vendor     Product    Version    Range
linux-pam  linux-pam  *          ≤1.1.1
linux-pam  linux-pam  0.99.1.0   any
linux-pam  linux-pam  0.99.2.0   any
linux-pam  linux-pam  0.99.2.1   any
linux-pam  linux-pam  0.99.3.0   any
linux-pam  linux-pam  0.99.4.0   any
linux-pam  linux-pam  0.99.5.0   any
linux-pam  linux-pam  0.99.6.0   any
linux-pam  linux-pam  0.99.6.1   any
linux-pam  linux-pam  0.99.6.2   any
linux-pam  linux-pam  0.99.6.3   any
linux-pam  linux-pam  0.99.7.0   any
linux-pam  linux-pam  0.99.7.1   any
linux-pam  linux-pam  0.99.8.0   any
linux-pam  linux-pam  0.99.8.1   any
linux-pam  linux-pam  0.99.9.0   any
linux-pam  linux-pam  0.99.10.0  any
linux-pam  linux-pam  1.0.0      any
linux-pam  linux-pam  1.0.1      any
linux-pam  linux-pam  1.0.2      any
linux-pam  linux-pam  1.0.3      any
linux-pam  linux-pam  1.0.4      any
linux-pam  linux-pam  1.1.0      any

References 19

  • git.altlinux.org http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6
  • lists.vmware.com http://lists.vmware.com/pipermail/security-announce/2011/000126.html
  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/10
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/8
  • openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
    Patch
  • secunia.com http://secunia.com/advisories/49711
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-201206-31.xml
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
  • openwall.com http://www.openwall.com/lists/oss-security/2010/09/24/2
  • redhat.com http://www.redhat.com/support/errata/RHSA-2010-0819.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2010-0891.html
  • securityfocus.com http://www.securityfocus.com/archive/1/516909/100/0/threaded
  • vmware.com http://www.vmware.com/security/advisories/VMSA-2011-0004.html
  • vupen.com http://www.vupen.com/english/advisories/2011/0606
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641335
    Patch

Remediation

  • openwall.com http://openwall.com/lists/oss-security/2010/09/21/3
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/4
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/5
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/09/27/7
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2010/10/25/2
    Patch
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=641335
    Patch