4 matches found
CVE-2022-1804
accountsservice no longer drops permissions when writting .pamenvironment...
CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
CVE-2010-3430
The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...