CVE-2010-3431

Name of the Vulnerable Software and Affected Versions Linux-PAM version 1.1.2

Description The issue is related to the privilege-dropping implementation in the pam env and pam mail modules. It might allow local users to obtain sensitive information by leveraging an unintended uid. This can be demonstrated by a symlink attack on the .pam environment file in a user's home directory.

Recommendations For Linux-PAM version 1.1.2, consider updating to a newer version that includes a complete fix for the issue. As a temporary workaround, restrict access to the .pam environment file to minimize the risk of exploitation.