CVE-2010-3435


The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

CVSS 2.0 Base Score 4.7. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N).

Overview

Type: Linux-PAM

First reported: 2011-01-24 18:00:00

Last updated: 2019-01-03 15:01:00

Affected Software

Linux-PAM 0.99.1.0
Linux-PAM 0.99.2.0
Linux-PAM 0.99.2.1
Linux-PAM 0.99.3.0
Linux-PAM 0.99.4.0
Linux-PAM 0.99.5.0
Linux-PAM 0.99.6.0
Linux-PAM 0.99.6.1
Linux-PAM 0.99.6.2
Linux-PAM 0.99.6.3
Linux-PAM 0.99.7.0
Linux-PAM 0.99.7.1
Linux-PAM 0.99.8.0
Linux-PAM 0.99.8.1
Linux-PAM 0.99.9.0
Linux-PAM 0.99.10.0
Linux-PAM 1.0.0
Linux-PAM 1.0.1
Linux-PAM 1.0.2
Linux-PAM 1.0.3
Linux-PAM 1.0.4
Linux-PAM 1.1.0
