PT-2010-1045 · Linux+1 · Linux-Pam+1

Sebastian Krahmer · Published 2010-11-16 · Updated 2019-01-03 · CVE-2010-4708

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux-PAM versions 1.1.2 and earlier
pam-devel-1.1.1
pam-debuginfo-1.1.1
pam-1.1.1

Description

The issue allows local users to potentially run programs with an unintended environment by executing a program that relies on the pam_env PAM check. This could compromise the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited locally.

Recommendations

For Linux-PAM versions 1.1.2 and earlier, consider updating to a version later than 1.1.2 to resolve the issue. For pam-devel-1.1.1, pam-debuginfo-1.1.1, and pam-1.1.1, update to a version later than 1.1.1 to mitigate the risk. As a temporary workaround, consider restricting access to the pam_env module until a patch is available.

Fix

Related identifiers

BDU:2015-06022
BDU:2015-06023
BDU:2015-06025
CVE-2010-4708
RHSA-2010:0891
RHSA-2010_0891

Affected products

Linux-Pam
Red Hat