CVE-2010-3430
Last modified
CVE-2010-3430 is a vulnerability of currently unknown severity. The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux-Pam | Linux-Pam | 1.1.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-3430?
How severe is CVE-2010-3430?
How do I fix CVE-2010-3430?
Are you affected by CVE-2010-3430?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST