Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-3430

Опубликовано: 24 янв. 2011
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.7

Описание

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.

РелизСтатусПримечание
dapper

ignored

end of life
devel

released

1.1.3-1ubuntu2
hardy

released

0.99.7.1-5ubuntu6.3
karmic

ignored

end of life
lucid

released

1.1.1-2ubuntu5.2
maverick

released

1.1.1-4ubuntu2.2
natty

released

1.1.2-2ubuntu8.2
upstream

released

1.1.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 18%
0.00059
Низкий

4.7 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2010-3430

redhat
больше 15 лет назад

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.

nvd логотип

CVE-2010-3430

nvd
около 15 лет назад

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.

debian логотип

CVE-2010-3430

debian
около 15 лет назад

The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...

github логотип

GHSA-fw5v-fh36-5x5q

github
больше 3 лет назад

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.

EPSS

Процентиль: 18%
0.00059
Низкий

4.7 Medium

CVSS2