CVE-2010-4708
Published: 24 January 2011
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
pam Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
| hardy |
Ignored
(changes behaviour)
|
|
| karmic |
Ignored
(reached end-of-life)
|
|
| lucid |
Ignored
(changes behaviour)
|
|
| maverick |
Ignored
(changes behaviour)
|
|
| natty |
Ignored
(changes behaviour)
|
|
| oneiric |
Ignored
(changes behaviour)
|
|
| upstream |
Needs triage
|
Notes
| Author | Note |
|---|---|
| mdeslaur | this changes default behaviour, after discussion with slangasek, we should not change this in stable releases. Patch has been reverted upstream, no consensus as of 2011-06-08 Let's ignore this for now, and change the default in the dev release when upstream decides to change. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4708
- http://thread.gmane.org/gmane.comp.security.oss.general/3311/focus=3562
- NVD
- Launchpad
- Debian