Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-3435 | First vendor Publication | 2011-01-24 |
Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.7 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20251 | |||
Oval ID: | oval:org.mitre.oval:def:20251 | ||
Title: | VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. | ||
Description: | The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3435 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1, VMWare ESX Server 4.0 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-31 (pam) File : nvt/glsa_201206_31.nasl |
2012-03-16 | Name : VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX... File : nvt/gb_VMSA-2011-0004.nasl |
2011-06-06 | Name : Ubuntu Update for pam USN-1140-1 File : nvt/gb_ubuntu_USN_1140_1.nasl |
2011-06-06 | Name : Ubuntu Update for pam USN-1140-2 File : nvt/gb_ubuntu_USN_1140_2.nasl |
2010-12-02 | Name : Fedora Update for pam FEDORA-2010-17155 File : nvt/gb_fedora_2010_17155_pam_fc14.nasl |
2010-11-23 | Name : Fedora Update for pam FEDORA-2010-17133 File : nvt/gb_fedora_2010_17133_pam_fc12.nasl |
2010-11-16 | Name : RedHat Update for pam RHSA-2010:0819-01 File : nvt/gb_RHSA-2010_0819-01_pam.nasl |
2010-11-16 | Name : Fedora Update for pam FEDORA-2010-17112 File : nvt/gb_fedora_2010_17112_pam_fc13.nasl |
2010-11-16 | Name : Mandriva Update for pam MDVSA-2010:220 (pam) File : nvt/gb_mandriva_MDVSA_2010_220.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68993 | Linux-PAM pam_mail Module Arbitrary Mail File Enumeration Linux-PAM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error in the 'pam_mail' module occurs when dropping privileges, which will disclose the presence of certain mail files to a local attacker. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0004_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0819.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0891.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101101_pam_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101116_pam_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-06-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-31.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1140-1.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1140-2.nasl - Type : ACT_GATHER_INFO |
2011-03-08 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0004.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0819.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17133.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0891.nasl - Type : ACT_GATHER_INFO |
2010-11-08 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17155.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17112.nasl - Type : ACT_GATHER_INFO |
2010-11-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-220.nasl - Type : ACT_GATHER_INFO |
2010-11-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0819.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2023-02-13 09:29:01 | |
2021-05-05 01:07:22 | |
2021-05-04 12:12:20 | |
2021-04-22 01:13:06 | |
2020-12-23 01:05:51 | |
2020-05-23 01:42:40 | |
2020-05-23 00:26:29 | |
2019-01-03 21:18:53 | |
2018-10-11 00:19:56 | |
2016-04-26 20:06:01 | |
2016-03-05 13:26:42 | |
2014-02-17 10:57:26 | |
2013-11-11 12:38:55 | |
2013-05-10 23:32:35 | |