Your submission was sent successfully! Close

CVE-2010-4708

Published: 24 January 2011

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.

Priority

Low

Status

Package Release Status
pam
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Ignored
(changes behaviour)
karmic Ignored
(reached end-of-life)
lucid Ignored
(changes behaviour)
maverick Ignored
(changes behaviour)
natty Ignored
(changes behaviour)
oneiric Ignored
(changes behaviour)
upstream Needs triage

Notes

AuthorNote
mdeslaur
this changes default behaviour, after discussion with
slangasek, we should not change this in stable releases.
Patch has been reverted upstream, no consensus as of 2011-06-08
Let's ignore this for now, and change the default in the dev
release when upstream decides to change.

References

Bugs