Privilege Escalation in Linux-PAM by Vendor
CVE-2010-3430
Currently unrated
What is CVE-2010-3430?
The privilege-dropping implementation in the pam_env and pam_mail modules of Linux-PAM version 1.1.2 lets local users leverage unintended group permissions to access sensitive information. The issue can be exploited through a symlink attack on the .pam_environment file in a user's home directory, which bypasses the expected security measures. The vulnerability exists because of an incomplete fix for an earlier issue, so it is critical for users to mitigate the risk on their systems.