Home > Vulnerability Database > CVE-2010-3435

Mend.io Vulnerability Database

CVE-2010-3435

Date: January 24, 2011

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

Language: C

Severity Score

5.1

Related Resources (22)

Url: http://openwall.com/lists/oss-security/2010/09/21/3

Url: http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-3435

Url: http://openwall.com/lists/oss-security/2010/09/27/4

Url: http://openwall.com/lists/oss-security/2010/10/25/2

Url: http://www.vmware.com/security/advisories/VMSA-2011-0004.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:220

Url: http://security.gentoo.org/glsa/glsa-201206-31.xml

Url: http://www.securityfocus.com/archive/1/516909/100/0/threaded

Url: http://www.openwall.com/lists/oss-security/2010/09/24/2

Url: https://access.redhat.com/security/cve/CVE-2010-3435

Url: http://www.redhat.com/support/errata/RHSA-2010-0819.html

Url: http://www.vupen.com/english/advisories/2011/0606

Url: http://lists.vmware.com/pipermail/security-announce/2011/000126.html

Url: http://www.redhat.com/support/errata/RHSA-2010-0891.html

Url: http://openwall.com/lists/oss-security/2010/09/27/5

Url: http://openwall.com/lists/oss-security/2010/09/27/8

Url: http://openwall.com/lists/oss-security/2010/09/27/7

Url: https://bugzilla.redhat.com/show_bug.cgi?id=641335

Url: http://openwall.com/lists/oss-security/2010/09/27/10

Url: http://secunia.com/advisories/49711

Url: https://www.mend.io/vulnerability-database/CVE-2010-3435

Severity Score

5.1

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.7
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-3435

Date: January 24, 2011

Language: C

Severity Score

Related Resources (22)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?