The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65037 | vdb-entry x_refsource_XF |
| http://security.gentoo.org/glsa/glsa-201206-31.xml | vendor-advisory x_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=641335 | x_refsource_MISC |
| http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8 | x_refsource_CONFIRM |
| http://secunia.com/advisories/49711 | third-party-advisory x_refsource_SECUNIA |
| http://openwall.com/lists/oss-security/2010/09/27/7 | mailing-list x_refsource_MLIST |
| http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/46046 | vdb-entry x_refsource_BID |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65037 | vdb-entry x_refsource_XF x_transferred |
| http://security.gentoo.org/glsa/glsa-201206-31.xml | vendor-advisory x_refsource_GENTOO x_transferred |
| https://bugzilla.redhat.com/show_bug.cgi?id=641335 | x_refsource_MISC x_transferred |
| http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7&r2=1.8 | x_refsource_CONFIRM x_transferred |
| http://secunia.com/advisories/49711 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://openwall.com/lists/oss-security/2010/09/27/7 | mailing-list x_refsource_MLIST x_transferred |
| http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22&r2=1.23 | x_refsource_CONFIRM x_transferred |
| http://www.securityfocus.com/bid/46046 | vdb-entry x_refsource_BID x_transferred |
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Primary | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |