CVE-2010-3431

2011-01-2400:00:00

ubuntu.com

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

10.1%

JSON

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail
modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the
setfsuid system call, which might allow local users to obtain sensitive
information by leveraging an unintended uid, as demonstrated by a symlink
attack on the .pam_environment file in a user’s home directory. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2010-3435.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599832>

Notes

Author	Note
mdeslaur	see complete patch list in CVE-2010-3435

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpam< 0.99.7.1-5ubuntu6.3UNKNOWN
ubuntu10.04noarchpam< 1.1.1-2ubuntu5.2UNKNOWN
ubuntu10.10noarchpam< 1.1.1-4ubuntu2.2UNKNOWN
ubuntu11.04noarchpam< 1.1.2-2ubuntu8.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	pam	< 0.99.7.1-5ubuntu6.3	UNKNOWN
ubuntu	10.04	noarch	pam	< 1.1.1-2ubuntu5.2	UNKNOWN
ubuntu	10.10	noarch	pam	< 1.1.1-4ubuntu2.2	UNKNOWN
ubuntu	11.04	noarch	pam	< 1.1.2-2ubuntu8.2	UNKNOWN