CVE-2010-3430

Name of the Vulnerable Software and Affected Versions Linux-PAM version 1.1.2

Description The issue is related to the privilege-dropping implementation in the pam env and pam mail modules. It might allow local users to obtain sensitive information by leveraging unintended group permissions. This can be demonstrated by a symlink attack on the .pam environment file in a user's home directory.

Recommendations For Linux-PAM version 1.1.2, consider applying a patch that properly implements the setfsgid and setgroups system calls to fix the privilege-dropping issue in the pam env and pam mail modules. As a temporary workaround, restrict access to the .pam environment file to prevent symlink attacks.