Privilege Escalation in Linux-PAM by Vendor
CVE-2010-3430

Currently unrated

Key Information:

Vendor

Linux-pam

Status
Linux-pam
Vendor
CVE Published:
24 January 2011

What is CVE-2010-3430?

The privilege-dropping implementation in the pam_env and pam_mail modules of Linux-PAM version 1.1.2 is susceptible to a vulnerability allowing local users to leverage unintended group permissions to access sensitive information. This issue can be exploited through a symlink attack on the .pam_environment file located within a user's home directory, which bypasses the expected security measures. The vulnerability arises due to an incomplete fix relating to an earlier issue, making it critical for users to mitigate the risk in their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://openwall.com/lists/oss-security/2010/09/27/5
mailing-listx_refsource_MLIST
http://openwall.com/lists/oss-security/2010/09/21/3
mailing-listx_refsource_MLIST
http://security.gentoo.org/glsa/glsa-201206-31.xml
vendor-advisoryx_refsource_GENTOO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.