CVE-2010-3435

N/A Unknown

Published: January 24, 2011 Modified: April 29, 2026

Description

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6

Source: secalert@redhat.com

http://lists.vmware.com/pipermail/security-announce/2011/000126.html

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2010/09/21/3

Source: secalert@redhat.com

Patch

http://openwall.com/lists/oss-security/2010/09/27/10

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2010/09/27/4

Source: secalert@redhat.com

Patch

http://openwall.com/lists/oss-security/2010/09/27/5

Source: secalert@redhat.com

Patch

http://openwall.com/lists/oss-security/2010/09/27/7

Source: secalert@redhat.com

Patch

http://openwall.com/lists/oss-security/2010/09/27/8

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2010/10/25/2

Source: secalert@redhat.com

Patch

http://secunia.com/advisories/49711

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201206-31.xml

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:220

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/09/24/2

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0819.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0891.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/516909/100/0/threaded

Source: secalert@redhat.com

http://www.vmware.com/security/advisories/VMSA-2011-0004.html

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0606

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=641335

Source: secalert@redhat.com

Patch

http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.vmware.com/pipermail/security-announce/2011/000126.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2010/09/21/3

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://openwall.com/lists/oss-security/2010/09/27/10

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2010/09/27/4

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://openwall.com/lists/oss-security/2010/09/27/5

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://openwall.com/lists/oss-security/2010/09/27/7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://openwall.com/lists/oss-security/2010/09/27/8

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2010/10/25/2

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/49711

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201206-31.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:220

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/09/24/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2010-0819.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2010-0891.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/516909/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2011-0004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0606

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=641335

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.4%

27th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

linux-pam