Local Privilege Escalation in Linux-PAM pam_env Module
CVE-2010-4708

Currently unrated

Key Information:

Vendor: Linux-pam
Status: Linux-pam
Vendor: CVE Published:; 24 January 2011

What is CVE-2010-4708?

The pam_env module in versions of Linux-PAM up to 1.1.2 is susceptible to a local privilege escalation vulnerability. It improperly processes the .pam_environment file located in a user's home directory. As a result, local users can potentially execute programs in an unintended environment by leveraging the pam_env PAM check. This flaw may lead to unauthorized actions during program execution and can be exploited by malicious actors to escalate their privileges on the system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65037

vdb-entryx_refsource_XF

http://security.gentoo.org/glsa/glsa-201206-31.xml

vendor-advisoryx_refsource_GENTOO

https://bugzilla.redhat.com/show_bug.cgi?id=641335

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2011
Vulnerability Reserved
Jan 24, 2011

Linux-pam

What is CVE-2010-4708?

References

Timeline