Executive Summary

Information
Name: CVE-2010-4708
First vendor Publication: 2011-01-24
Vendor: Cve
Last vendor Modification: 2019-01-03

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4708

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:22188
Title: RHSA-2010:0891: pam security update (Moderate)
Description: The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
Family: unix Class: patch
Reference(s): RHSA-2010:0891-01
CVE-2010-3316
CVE-2010-3435
CVE-2010-3853
CVE-2010-4707
CVE-2010-4708
Version: 68
Platform(s): Red Hat Enterprise Linux 6
Product(s): pam
 
Oval ID: oval:org.mitre.oval:def:23510
Title: ELSA-2010:0891: pam security update (Moderate)
Description: The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
Family: unix Class: patch
Reference(s): ELSA-2010:0891-01
CVE-2010-3316
CVE-2010-3435
CVE-2010-3853
CVE-2010-4707
CVE-2010-4708
Version: 25
Platform(s): Oracle Linux 6
Product(s): pam
 
Oval ID: oval:org.mitre.oval:def:28131
Title: DEPRECATED: ELSA-2010-0891 -- pam security update (moderate)
Description: [1.1.1-4.1] - fix insecure dropping of privileges in pam_xauth, pam_env, and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335) - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 (#643043)
Family: unix Class: patch
Reference(s): ELSA-2010-0891
CVE-2010-3316
CVE-2010-3435
CVE-2010-3853
CVE-2010-4707
CVE-2010-4708
Version: 4
Platform(s): Oracle Linux 6
Product(s): pam

CPE : Common Platform Enumeration

Type Description Count
Application 25

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-31 (pam)
File : nvt/glsa_201206_31.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70654 Linux-PAM pam_env Module .pam_environment User File Arbitrary Local Program E...

Linux-PAM contains a flaw in which the 'pam_env' module reads the .pam_environment file in a user's home directory. This may allow a local attacker to run programs with previous users' privileges, resulting in a disclosure of user information.

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0891.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-31.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0891.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/46046
CONFIRM http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8...
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c...
GENTOO http://security.gentoo.org/glsa/glsa-201206-31.xml
MISC https://bugzilla.redhat.com/show_bug.cgi?id=641335
MLIST http://openwall.com/lists/oss-security/2010/09/27/7
SECUNIA http://secunia.com/advisories/49711
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/65037

Alert History

Date Information
2021-05-05 01:07:32
  • Multiple Updates
2021-05-04 12:12:38
  • Multiple Updates
2021-04-22 01:13:43
  • Multiple Updates
2020-12-23 01:06:10
  • Multiple Updates
2020-05-23 01:43:26
  • Multiple Updates
2020-05-23 00:27:17
  • Multiple Updates
2019-01-03 21:18:53
  • Multiple Updates
2017-08-17 09:23:13
  • Multiple Updates
2016-04-26 20:19:26
  • Multiple Updates
2014-02-17 10:59:08
  • Multiple Updates
2013-05-10 23:39:15
  • Multiple Updates