Metric | Value |
---|---|
CVSS2 | 7.2 High |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS Percentile | 5.1% |

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the
.pam_environment file in a user’s home directory, which might allow local
users to run programs with an unintended environment by executing a program
that relies on the pam_env PAM check.
Author | Note |
---|---|
mdeslaur | This changes default behaviour, after discussion with slangasek, we should not change this in stable releases. Patch has been reverted upstream, no consensus as of 2011-06-08. Let’s ignore this for now, and change the default in the dev release when upstream decides to change. |