CVE-2010-4708
EPSS 0.10%
Description
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
How to fix CVE-2010-4708
To remediate CVE-2010-4708, upgrade the affected package to a fixed version below.
- Debian/pam—upgrade to 1.1.3-7.1 or later
Is CVE-2010-4708 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.3-7.1