CVE-2010-3435

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2010-3435

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2010-3435.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2010-3435

Downstream

DEBIAN-CVE-2010-3435

RHSA-2010:0819

RHSA-2010:0891

Published

2011-01-24T18:00:02Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

The (1) pamenv and (2) pammail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

References

http://secunia.com/advisories/49711
http://security.gentoo.org/glsa/glsa-201206-31.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
http://www.vupen.com/english/advisories/2011/0606
http://openwall.com/lists/oss-security/2010/09/21/3
http://openwall.com/lists/oss-security/2010/09/27/4
http://openwall.com/lists/oss-security/2010/09/27/5
http://openwall.com/lists/oss-security/2010/09/27/7
http://openwall.com/lists/oss-security/2010/10/25/2
https://bugzilla.redhat.com/show_bug.cgi?id=641335
http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://openwall.com/lists/oss-security/2010/09/27/10
http://openwall.com/lists/oss-security/2010/09/27/8
http://www.openwall.com/lists/oss-security/2010/09/24/2
http://www.redhat.com/support/errata/RHSA-2010-0819.html
http://www.redhat.com/support/errata/RHSA-2010-0891.html
http://www.securityfocus.com/archive/1/516909/100/0/threaded

CVE-2010-3435

Affected packages