7.2
CVE-2010-4708
- EPSS 0.37%
- Veröffentlicht 24.01.2011 19:00:02
- Zuletzt bearbeitet 16.06.2026 23:25:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.285 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://openwall.com/lists/oss-security/2010/09/27/7
http://secunia.com/advisories/49711
http://security.gentoo.org/glsa/glsa-201206-31.xml
https://bugzilla.redhat.com/show_bug.cgi?id=641335
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23
http://www.securityfocus.com/bid/46046
https://exchange.xforce.ibmcloud.com/vulnerabilities/65037