CVE-2010-3431

2011-01-2400:00:00

ubuntu.com

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.4%

JSON

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail
modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the
setfsuid system call, which might allow local users to obtain sensitive
information by leveraging an unintended uid, as demonstrated by a symlink
attack on the .pam_environment file in a user’s home directory. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2010-3435.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599832>

Notes

Author	Note
mdeslaur	see complete patch list in CVE-2010-3435

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpam< 0.99.7.1-5ubuntu6.3UNKNOWN
ubuntu10.04noarchpam< 1.1.1-2ubuntu5.2UNKNOWN
ubuntu10.10noarchpam< 1.1.1-4ubuntu2.2UNKNOWN
ubuntu11.04noarchpam< 1.1.2-2ubuntu8.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	pam	< 0.99.7.1-5ubuntu6.3	UNKNOWN
ubuntu	10.04	noarch	pam	< 1.1.1-2ubuntu5.2	UNKNOWN
ubuntu	10.10	noarch	pam	< 1.1.1-4ubuntu2.2	UNKNOWN
ubuntu	11.04	noarch	pam	< 1.1.2-2ubuntu8.2	UNKNOWN