CVE-2010-3435

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2010-3435

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-3435.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2010-3435

Related

Published

2011-01-24T18:00:02Z

Modified

2024-06-30T12:01:22Z

Summary

[none]

Details

The (1) pamenv and (2) pammail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

References

Affected packages

Debian:11 / pam

Package

Name: pam
Purl: pkg:deb/debian/pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.3-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / pam

Package

Name: pam
Purl: pkg:deb/debian/pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.3-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / pam

Package

Name: pam
Purl: pkg:deb/debian/pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.3-1

Ecosystem specific

{
    "urgency": "low"
}