CVE-2010-4708 — Linux-pam vulnerability

6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 73.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PAM Debian PAM Linux-pam

Timeline

PublishedJan 24

Latest updateMay 14

Description

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDlinux-pam/linux-pam1.1.2+23

▶debiandebian/pam< pam 1.1.3-7.1 (bookworm)

▶Debianpam/pam< 1.1.3-7.1+3

Patches

Patch: openwall.com ↗Patch: pam.cvs.sourceforge.net ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-77qw-jxwx-7hx3: The pam_env module in Linux-PAM (aka pam) 1↗2022-05-14

▶

OSV

CVE-2010-4708: The pam_env module in Linux-PAM (aka pam) 1↗2011-01-24

▶

📋Vendor Advisories

Red Hat

pam: pam_env: reading ~/.pam_environment is security risk↗2010-09-27

▶

Debian

CVE-2010-4708: pam - The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_envir...↗2010

▶

💬Community

Bugzilla

CVE-2010-4708 pam: pam_env: reading ~/.pam_environment is security risk↗2011-01-25

▶