Local File Access Vulnerability in Linux-PAM Modules by Linux
CVE-2010-3435

Currently unrated

Key Information:

Vendor: Linux-pam

CVE Published: 24 January 2011

What is CVE-2010-3435?

The pam_env and pam_mail modules in Linux-PAM versions prior to 1.1.2 use root privileges while reading files and directories that belong to other user accounts. A local user may be able to obtain sensitive data by leveraging this filesystem activity, particularly through a symlink attack on the .pam_environment file in a user's home directory. Affected systems should be reviewed and patched to prevent data leaks.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
