| Max CVSS | 7.2 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-3435 | 4.7 |
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leve
|
13-02-2023 - 04:24 | 24-01-2011 - 18:00 | |
| CVE-2010-3431 | 1.9 |
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an
|
13-02-2023 - 04:24 | 24-01-2011 - 18:00 | |
| CVE-2010-3430 | 4.7 |
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leverag
|
13-02-2023 - 04:24 | 24-01-2011 - 18:00 | |
| CVE-2010-3316 | 3.3 |
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executi
|
13-02-2023 - 04:23 | 24-01-2011 - 18:00 | |
| CVE-2010-3853 | 6.9 |
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a s
|
03-01-2019 - 15:01 | 24-01-2011 - 18:00 | |
| CVE-2010-4708 | 7.2 |
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM
|
03-01-2019 - 15:01 | 24-01-2011 - 19:00 | |
| CVE-2010-4707 | 4.9 |
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a
|
03-01-2019 - 15:01 | 24-01-2011 - 19:00 | |
| CVE-2010-4706 | 4.9 |
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by execut
|
03-01-2019 - 15:01 | 24-01-2011 - 19:00 | |
| CVE-2011-3148 | 4.6 |
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces
|
03-01-2019 - 15:01 | 22-07-2012 - 17:55 | |
| CVE-2011-3149 | 2.1 |
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consu
|
03-01-2019 - 15:01 | 22-07-2012 - 17:55 |