Bug 641361 (CVE-2010-3430, CVE-2010-3431)
Summary: | CVE-2010-3430 CVE-2010-3431 pam: pam_mail and pam_env incorrect privilege dropping | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | tmraz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-22 15:45:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 641335 |
Description
Tomas Hoger
2010-10-08 14:16:04 UTC
Linux-PAM 1.1.2 is currently only available in Fedora Rawhide. Older PAM versions do to contain affected privilege dropping code and hence can not be affected by these issues. The are affected by the original issue - CVE-2010-3435. Statement: Not vulnerable. This issue did not affect the versions of pam as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. |