Vulnerability Details : CVE-2010-4708
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
Exploit prediction scoring system (EPSS) score for CVE-2010-4708
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2010-4708
-
http://security.gentoo.org/glsa/glsa-201206-31.xml
Linux-PAM: Multiple vulnerabilities (GLSA 201206-31) — Gentoo security
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65037
Linux-PAM pam_env module privilege escalation CVE-2010-4708 Vulnerability Report
-
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23
CVS Info for project pamPatch
-
https://bugzilla.redhat.com/show_bug.cgi?id=641335
641335 – (CVE-2010-3435) CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privilegesPatch
-
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8
CVS Info for project pam
-
http://openwall.com/lists/oss-security/2010/09/27/7
oss-security - Re: Minor security flaw with pam_xauthPatch
-
http://www.securityfocus.com/bid/46046
Linux-PAM 'pam_env' Module Local Privilege Escalation Vulnerability
Products affected by CVE-2010-4708
- cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*