CVE-2010-4708
PUBLISHED
CVSS 7.2 HIGH
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
EPSS 0.10% · 26.9th percentile
Risk Scores
- CVSS 2.0: 7.2
- EPSS Score: 0.10% (26.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| linux-pam | linux-pam | 0.99.1.0, 0.99.2.0, 0.99.2.1 |
Exploit Intelligence
- linuxpam-pamenv-priv-escalation(65037) (circl)
- GLSA-201206-31 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=641335 (circl)
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8 (circl)
- 49711 (circl)
- [oss-security] 20100928 Re: Minor security flaw with pam_xauth (circl)
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23 (circl)
- 46046 (circl)
Timeline
- Jan 24, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- linuxpam-pamenv-priv-escalation(65037) vdb
- GLSA-201206-31 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=641335 url
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8 url
- 49711 third-party-advisory
- [oss-security] 20100928 Re: Minor security flaw with pam_xauth mailing-list
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23 url
- 46046 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2010-4708 advisory