Vulnerability Details CVE-2010-4708
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.9%
CVSS Severity
CVSS v2 Score 7.2
References
- http://openwall.com/lists/oss-security/2010/09/27/7
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23
- http://secunia.com/advisories/49711
- http://security.gentoo.org/glsa/glsa-201206-31.xml
- http://www.securityfocus.com/bid/46046
- https://bugzilla.redhat.com/show_bug.cgi?id=641335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65037
- http://openwall.com/lists/oss-security/2010/09/27/7
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23
- http://secunia.com/advisories/49711
- http://security.gentoo.org/glsa/glsa-201206-31.xml
- http://www.securityfocus.com/bid/46046
- https://bugzilla.redhat.com/show_bug.cgi?id=641335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65037
Products affected by CVE-2010-4708
-
cpe:2.3:a:linux-pam:linux-pam:0.72
-
cpe:2.3:a:linux-pam:linux-pam:0.73
-
cpe:2.3:a:linux-pam:linux-pam:0.74
-
cpe:2.3:a:linux-pam:linux-pam:0.75
-
cpe:2.3:a:linux-pam:linux-pam:0.76
-
cpe:2.3:a:linux-pam:linux-pam:0.77
-
cpe:2.3:a:linux-pam:linux-pam:0.78
-
cpe:2.3:a:linux-pam:linux-pam:0.79
-
cpe:2.3:a:linux-pam:linux-pam:0.80
-
cpe:2.3:a:linux-pam:linux-pam:0.99.1.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.10.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.2.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.2.1
-
cpe:2.3:a:linux-pam:linux-pam:0.99.3.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.4.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.5.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.6.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.6.1
-
cpe:2.3:a:linux-pam:linux-pam:0.99.6.2
-
cpe:2.3:a:linux-pam:linux-pam:0.99.6.3
-
cpe:2.3:a:linux-pam:linux-pam:0.99.7.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.7.1
-
cpe:2.3:a:linux-pam:linux-pam:0.99.8.0
-
cpe:2.3:a:linux-pam:linux-pam:0.99.8.1
-
cpe:2.3:a:linux-pam:linux-pam:0.99.9.0
-
cpe:2.3:a:linux-pam:linux-pam:1.0.0
-
cpe:2.3:a:linux-pam:linux-pam:1.0.1
-
cpe:2.3:a:linux-pam:linux-pam:1.0.2
-
cpe:2.3:a:linux-pam:linux-pam:1.0.3
-
cpe:2.3:a:linux-pam:linux-pam:1.0.4
-
cpe:2.3:a:linux-pam:linux-pam:1.0.90
-
cpe:2.3:a:linux-pam:linux-pam:1.0.91
-
cpe:2.3:a:linux-pam:linux-pam:1.0.92
-
cpe:2.3:a:linux-pam:linux-pam:1.1.0
-
cpe:2.3:a:linux-pam:linux-pam:1.1.1
-
cpe:2.3:a:linux-pam:linux-pam:1.1.2