
CVE-2010-3435
Date: (C)2011-01-24   (M)2023-12-22


The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.7
Exploit Score: 3.4
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/516909/100/0/threaded
SECUNIA-49711
ADV-2011-0606
GLSA-201206-31
MDVSA-2010:220
RHSA-2010:0819
RHSA-2010:0891
http://openwall.com/lists/oss-security/2010/09/21/3
http://www.openwall.com/lists/oss-security/2010/09/24/2
http://openwall.com/lists/oss-security/2010/09/27/4
http://openwall.com/lists/oss-security/2010/09/27/10
http://openwall.com/lists/oss-security/2010/10/25/2
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=641335

OVAL    10
oval:org.secpod.oval:def:201792
oval:org.secpod.oval:def:700516
oval:org.secpod.oval:def:500311
oval:org.secpod.oval:def:300275
...

© SecPod Technologies