Launchpad.net

CVE 2010-4708

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.

Related bugs and status

CVE-2010-4708 (Candidate) is related to these bugs:

Bug #952185: ~/.pam_environment not parsed by default

		In	Importance	Status
952185	~/.pam_environment not parsed by default	Light Display Manager	High	Invalid
952185	~/.pam_environment not parsed by default	lightdm (Ubuntu)	High	Fix Released
952185	~/.pam_environment not parsed by default	lightdm (Ubuntu Precise)	High	Fix Released
952185	~/.pam_environment not parsed by default	pam (Ubuntu)	High	Invalid
952185	~/.pam_environment not parsed by default	pam (Ubuntu Precise)	Undecided	Invalid
952185	~/.pam_environment not parsed by default	openssh (Ubuntu)	Undecided	Fix Released
952185	~/.pam_environment not parsed by default	openssh (Ubuntu Precise)	Undecided	Fix Released
952185	~/.pam_environment not parsed by default	at (Ubuntu)	Undecided	Fix Released
952185	~/.pam_environment not parsed by default	at (Ubuntu Precise)	Undecided	Won't Fix
952185	~/.pam_environment not parsed by default	sudo (Ubuntu)	Undecided	Invalid
952185	~/.pam_environment not parsed by default	sudo (Ubuntu Precise)	Undecided	Invalid
952185	~/.pam_environment not parsed by default	gdm (Ubuntu)	High	Fix Released
952185	~/.pam_environment not parsed by default	gdm (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-4708

Related bugs and status

Related bugs

References