HIGH🇵🇱 Wersja polska

CVE-2010-4708

CVSS 7.2v2.0pub. 2011-01-24upd. 2026-04-29

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.

CVSS Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Linux Pam

    APP
    Linux-Pam
    0.99.1.00.99.10.00.99.2.00.99.2.10.99.3.00.99.4.00.99.5.00.99.6.00.99.6.10.99.6.20.99.6.30.99.7.00.99.7.10.99.8.00.99.8.1+ 9 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-28321CRITICAL9.8ten sam produkt

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. Th...

CVE-2020-27780CRITICAL9.8ten sam produkt

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing...

CVE-2024-10041MEDIUM4.7ten sam produkt

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger t...

CVE-2024-22365MEDIUM5.5ten sam produkt

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) v...

CVE-2015-3238MEDIUM6.5ten sam produkt

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable t...