Search criteria
54 vulnerabilities found for linux-pam by linux-pam
FKIE_CVE-2024-10041
Vulnerability from fkie_nvd - Published: 2024-10-23 14:15 - Updated: 2024-12-18 10:15
Severity ?
Summary
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | - | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20ED7FC4-9FBB-4886-9FF0-BBBCBBE852D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PAM. La informaci\u00f3n secreta se almacena en la memoria, donde el atacante puede hacer que el programa v\u00edctima se ejecute enviando caracteres a su entrada est\u00e1ndar (stdin). Mientras esto ocurre, el atacante puede entrenar al predictor de bifurcaciones para que ejecute una cadena ROP de manera especulativa. Esta falla podr\u00eda provocar la filtraci\u00f3n de contrase\u00f1as, como las que se encuentran en /etc/shadow mientras se realizan autenticaciones."
}
],
"id": "CVE-2024-10041",
"lastModified": "2024-12-18T10:15:05.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2024-10-23T14:15:03.970",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:10379"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:11250"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:9941"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-10041"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319212"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-22365
Vulnerability from fkie_nvd - Published: 2024-02-06 08:15 - Updated: 2025-11-03 19:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B735A60-FB87-4597-BFF4-A6ED201E71A1",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY."
},
{
"lang": "es",
"value": "linux-pam (tambi\u00e9n conocido como Linux PAM) anterior a 1.6.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (proceso de inicio de sesi\u00f3n bloqueado) a trav\u00e9s de mkfifo porque la llamada openat (para protect_dir) carece de O_DIRECTORY."
}
],
"id": "CVE-2024-22365",
"lastModified": "2025-11-03T19:15:42.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-06T08:15:52.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/linux-pam/linux-pam"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/linux-pam/linux-pam"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-664"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-28321
Vulnerability from fkie_nvd - Published: 2022-09-19 22:15 - Updated: 2025-05-29 16:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1197654 | Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://www.suse.com/security/cve/CVE-2022-28321.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1197654 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/security/cve/CVE-2022-28321.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| opensuse | tumbleweed | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB27F60-F24C-4A17-B9EE-4B20B47244A8",
"versionEndExcluding": "1.5.2-6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:tumbleweed:-:*:*:*:*:*:*:*",
"matchCriteriaId": "107C84EE-5E5C-4C36-A6DA-295144A527E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\u0027t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream."
},
{
"lang": "es",
"value": "El paquete Linux-PAM versiones anteriores a 1.5.2-6.1 para openSUSE Tumbleweed, permite omitir la autenticaci\u00f3n en los inicios de sesi\u00f3n SSH. El m\u00f3dulo pam_access.so no restringe correctamente el inicio de sesi\u00f3n si un usuario intenta conectarse desde una direcci\u00f3n IP que no es resoluble por medio de DNS. En tales condiciones, un usuario con acceso denegado a una m\u00e1quina puede seguir accediendo. NOTA: la relevancia de este problema es limitada en gran medida a openSUSE Tumbleweed y openSUSE Factory; no afecta a Linux-PAM upstream"
}
],
"id": "CVE-2022-28321",
"lastModified": "2025-05-29T16:15:27.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-19T22:15:10.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-27780
Vulnerability from fkie_nvd - Published: 2020-12-18 00:15 - Updated: 2024-11-21 05:21
Severity ?
Summary
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1901094 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1901094 | Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "693B7D7D-6BD3-4E5F-9E03-048B5BA832E7",
"versionEndExcluding": "1.5.1",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn\u0027t exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Linux-Pam en versiones anteriores a 1.5.1 en la manera en que maneja contrase\u00f1as vac\u00edas para usuarios inexistentes.\u0026#xa0;Cuando el usuario no existe, PAM intenta autenticarse con root y en el caso de una contrase\u00f1a vac\u00eda, es autenticado con \u00e9xito"
}
],
"id": "CVE-2020-27780",
"lastModified": "2024-11-21T05:21:49.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-18T00:15:14.330",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3238
Vulnerability from fkie_nvd - Published: 2015-08-24 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| oracle | sparc-opl_service_processor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97736CA5-0370-4CA9-B5D4-E157B3E699F5",
"versionEndIncluding": "1.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF02A45-1811-44F2-B3C9-90C11F5DF6DF",
"versionEndIncluding": "1121",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n _unix_run_helper_binary en el m\u00f3dulo pam_unix en Linux-PAM (tambi\u00e9n conocido como pam) en versiones anteriores a 1.2.1, cuando no es posible acceder directamente a las contrase\u00f1as, permite a usuarios locales enumerar los nombres de usuario o causar una denegaci\u00f3n de servicio (colgado) a trav\u00e9s de una contrase\u00f1a larga."
}
],
"id": "CVE-2015-3238",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-08-24T14:59:04.010",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/75428"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2583
Vulnerability from fkie_nvd - Published: 2014-04-10 20:29 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "90605E61-D799-47D1-AE78-F47D0DCE4CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en pam_timestamp.c en el m\u00f3dulo pam_timestamp para Linux-PAM (tambi\u00e9n conocido como pam) 1.1.8 permite a atacantes remotos crear archivos arbitrarios o posiblemente eludir la autenticaci\u00f3n a trav\u00e9s de un .. (punto punto) en el valor(1) PAM_RUSER para la funci\u00f3n get_ruser o en el valor (2) PAM_TTY para la funci\u00f3n check_tty, que es utilizada por la funci\u00f3n format_timestamp_name."
}
],
"id": "CVE-2014-2583",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-10T20:29:20.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57317"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66493"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-05"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3149
Vulnerability from fkie_nvd - Published: 2012-07-22 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| linux-pam | linux-pam | 0.99.1.0 | |
| linux-pam | linux-pam | 0.99.2.0 | |
| linux-pam | linux-pam | 0.99.2.1 | |
| linux-pam | linux-pam | 0.99.3.0 | |
| linux-pam | linux-pam | 0.99.4.0 | |
| linux-pam | linux-pam | 0.99.5.0 | |
| linux-pam | linux-pam | 0.99.6.0 | |
| linux-pam | linux-pam | 0.99.6.1 | |
| linux-pam | linux-pam | 0.99.6.2 | |
| linux-pam | linux-pam | 0.99.6.3 | |
| linux-pam | linux-pam | 0.99.7.0 | |
| linux-pam | linux-pam | 0.99.7.1 | |
| linux-pam | linux-pam | 0.99.8.0 | |
| linux-pam | linux-pam | 0.99.8.1 | |
| linux-pam | linux-pam | 0.99.9.0 | |
| linux-pam | linux-pam | 0.99.10.0 | |
| linux-pam | linux-pam | 1.0.0 | |
| linux-pam | linux-pam | 1.0.1 | |
| linux-pam | linux-pam | 1.0.2 | |
| linux-pam | linux-pam | 1.0.3 | |
| linux-pam | linux-pam | 1.0.4 | |
| linux-pam | linux-pam | 1.1.0 | |
| linux-pam | linux-pam | 1.1.1 | |
| linux-pam | linux-pam | 1.1.2 | |
| linux-pam | linux-pam | 1.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B08B4D-8A9C-4BF4-94AD-9ED9E86C7138",
"versionEndIncluding": "1.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C70C7-FABE-4A45-A45D-2C7276D698DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA50D8F-D5A8-4123-93CF-E7714571F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8820C0-1ECB-45AD-A573-5667F0D09776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D416053-0010-4B25-9F7C-6054C51C1685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97AB578-0E9E-4370-8379-0CD455F2D740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A6147C-CC0A-4C9F-B9A9-E144F2133592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DEF8EC8-0E0A-4C0A-95BE-FB7C23732083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A9AB1C-FDF8-4E98-8773-387E03CD93E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F94AA92-5854-46B9-8B3C-08FCC5B071CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C0039-827C-45CD-99BE-95459006CA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4256C34-DBCA-4FE0-96A5-874D7F00869A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2613D2-33C1-4132-AD9A-68190A59C0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDE78F-119B-4FC8-BBFA-8048F2CF1227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A75789-F7EC-4D9C-942A-243DF92E5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3753027E-D3A4-45D4-A3A3-2320C48AF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533A629-6351-4831-BBF7-44718262FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F23F9-25B3-40DB-A3CA-2F1DE0678934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3ACA7F-D247-439C-8B5E-287EC5D236AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A30E5C3-501D-4DAA-B7F7-E42F98DEDBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC8C86C-9FC7-4838-BFD8-90431DEC4946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3BF43-7402-4CC0-A329-C8597A0758C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A39C8AD-FA7C-4C64-AAB7-93CC461E73F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BA7CC-F284-40C8-998D-FC70CCAB58D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56F68CBA-E64A-4085-8902-5EBF9A5349D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B696CDD-C93E-4E88-B2DC-BB9978D879E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption)."
},
{
"lang": "es",
"value": "La funci\u00f3n _expand_arg en el m\u00f3dulo pam_env (modules / pam_env / pam_env.c) en Linux-PAM (tambi\u00e9n conocido como pam) antes de v1.1.5 no controla correctamente cuando la expansi\u00f3n de la variable de entorno puede desbordarse, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (el consumo de CPU)."
}
],
"id": "CVE-2011-3149",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-22T17:55:01.103",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46583"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49711"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3148
Vulnerability from fkie_nvd - Published: 2012-07-22 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| linux-pam | linux-pam | 0.99.1.0 | |
| linux-pam | linux-pam | 0.99.2.0 | |
| linux-pam | linux-pam | 0.99.2.1 | |
| linux-pam | linux-pam | 0.99.3.0 | |
| linux-pam | linux-pam | 0.99.4.0 | |
| linux-pam | linux-pam | 0.99.5.0 | |
| linux-pam | linux-pam | 0.99.6.0 | |
| linux-pam | linux-pam | 0.99.6.1 | |
| linux-pam | linux-pam | 0.99.6.2 | |
| linux-pam | linux-pam | 0.99.6.3 | |
| linux-pam | linux-pam | 0.99.7.0 | |
| linux-pam | linux-pam | 0.99.7.1 | |
| linux-pam | linux-pam | 0.99.8.0 | |
| linux-pam | linux-pam | 0.99.8.1 | |
| linux-pam | linux-pam | 0.99.9.0 | |
| linux-pam | linux-pam | 0.99.10.0 | |
| linux-pam | linux-pam | 1.0.0 | |
| linux-pam | linux-pam | 1.0.1 | |
| linux-pam | linux-pam | 1.0.2 | |
| linux-pam | linux-pam | 1.0.3 | |
| linux-pam | linux-pam | 1.0.4 | |
| linux-pam | linux-pam | 1.1.0 | |
| linux-pam | linux-pam | 1.1.1 | |
| linux-pam | linux-pam | 1.1.2 | |
| linux-pam | linux-pam | 1.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B08B4D-8A9C-4BF4-94AD-9ED9E86C7138",
"versionEndIncluding": "1.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C70C7-FABE-4A45-A45D-2C7276D698DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA50D8F-D5A8-4123-93CF-E7714571F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8820C0-1ECB-45AD-A573-5667F0D09776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D416053-0010-4B25-9F7C-6054C51C1685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97AB578-0E9E-4370-8379-0CD455F2D740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A6147C-CC0A-4C9F-B9A9-E144F2133592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DEF8EC8-0E0A-4C0A-95BE-FB7C23732083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A9AB1C-FDF8-4E98-8773-387E03CD93E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F94AA92-5854-46B9-8B3C-08FCC5B071CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C0039-827C-45CD-99BE-95459006CA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4256C34-DBCA-4FE0-96A5-874D7F00869A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2613D2-33C1-4132-AD9A-68190A59C0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDE78F-119B-4FC8-BBFA-8048F2CF1227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A75789-F7EC-4D9C-942A-243DF92E5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3753027E-D3A4-45D4-A3A3-2320C48AF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533A629-6351-4831-BBF7-44718262FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F23F9-25B3-40DB-A3CA-2F1DE0678934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3ACA7F-D247-439C-8B5E-287EC5D236AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A30E5C3-501D-4DAA-B7F7-E42F98DEDBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC8C86C-9FC7-4838-BFD8-90431DEC4946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3BF43-7402-4CC0-A329-C8597A0758C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A39C8AD-FA7C-4C64-AAB7-93CC461E73F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BA7CC-F284-40C8-998D-FC70CCAB58D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56F68CBA-E64A-4085-8902-5EBF9A5349D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B696CDD-C93E-4E88-B2DC-BB9978D879E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n _assemble_line en modules/pam_env/ pam_env.c en Linux-PAM (tambi\u00e9n conocido como PAM) anterior a v1.1.5 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una larga cadena de los espacios en blanco al principio del archivo ~/.pam_environment."
}
],
"id": "CVE-2011-3148",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-22T17:55:01.057",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46583"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49711"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4708
Vulnerability from fkie_nvd - Published: 2011-01-24 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| linux-pam | linux-pam | 0.99.1.0 | |
| linux-pam | linux-pam | 0.99.2.0 | |
| linux-pam | linux-pam | 0.99.2.1 | |
| linux-pam | linux-pam | 0.99.3.0 | |
| linux-pam | linux-pam | 0.99.4.0 | |
| linux-pam | linux-pam | 0.99.5.0 | |
| linux-pam | linux-pam | 0.99.6.0 | |
| linux-pam | linux-pam | 0.99.6.1 | |
| linux-pam | linux-pam | 0.99.6.2 | |
| linux-pam | linux-pam | 0.99.6.3 | |
| linux-pam | linux-pam | 0.99.7.0 | |
| linux-pam | linux-pam | 0.99.7.1 | |
| linux-pam | linux-pam | 0.99.8.0 | |
| linux-pam | linux-pam | 0.99.8.1 | |
| linux-pam | linux-pam | 0.99.9.0 | |
| linux-pam | linux-pam | 0.99.10.0 | |
| linux-pam | linux-pam | 1.0.0 | |
| linux-pam | linux-pam | 1.0.1 | |
| linux-pam | linux-pam | 1.0.2 | |
| linux-pam | linux-pam | 1.0.3 | |
| linux-pam | linux-pam | 1.0.4 | |
| linux-pam | linux-pam | 1.1.0 | |
| linux-pam | linux-pam | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13C9E7AE-3FFF-4A41-BEB0-2E37B6000901",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C70C7-FABE-4A45-A45D-2C7276D698DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA50D8F-D5A8-4123-93CF-E7714571F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8820C0-1ECB-45AD-A573-5667F0D09776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D416053-0010-4B25-9F7C-6054C51C1685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97AB578-0E9E-4370-8379-0CD455F2D740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A6147C-CC0A-4C9F-B9A9-E144F2133592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DEF8EC8-0E0A-4C0A-95BE-FB7C23732083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A9AB1C-FDF8-4E98-8773-387E03CD93E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F94AA92-5854-46B9-8B3C-08FCC5B071CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C0039-827C-45CD-99BE-95459006CA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4256C34-DBCA-4FE0-96A5-874D7F00869A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2613D2-33C1-4132-AD9A-68190A59C0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDE78F-119B-4FC8-BBFA-8048F2CF1227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A75789-F7EC-4D9C-942A-243DF92E5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3753027E-D3A4-45D4-A3A3-2320C48AF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533A629-6351-4831-BBF7-44718262FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F23F9-25B3-40DB-A3CA-2F1DE0678934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3ACA7F-D247-439C-8B5E-287EC5D236AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A30E5C3-501D-4DAA-B7F7-E42F98DEDBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC8C86C-9FC7-4838-BFD8-90431DEC4946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3BF43-7402-4CC0-A329-C8597A0758C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A39C8AD-FA7C-4C64-AAB7-93CC461E73F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BA7CC-F284-40C8-998D-FC70CCAB58D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user\u0027s home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check."
},
{
"lang": "es",
"value": "El modulo pam_env en Linux-PAM (tambi\u00e9n conocido como pam) v1.1.2 y anteriores lee el archivo .pam_environment en el directorio home de un usuario, lo que permite a usuarios locales ejecutar programas en un entorno no deseado ejecutando programas que conf\u00edan en la comprobaci\u00f3n pam_env PAM."
}
],
"id": "CVE-2010-4708",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-24T19:00:02.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"source": "cve@mitre.org",
"url": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7\u0026r2=1.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22\u0026r2=1.23"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46046"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641335"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.8.xml?r1=1.7\u0026r2=1.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env/pam_env.c?r1=1.22\u0026r2=1.23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65037"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4707
Vulnerability from fkie_nvd - Published: 2011-01-24 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| linux-pam | linux-pam | 0.99.1.0 | |
| linux-pam | linux-pam | 0.99.2.0 | |
| linux-pam | linux-pam | 0.99.2.1 | |
| linux-pam | linux-pam | 0.99.3.0 | |
| linux-pam | linux-pam | 0.99.4.0 | |
| linux-pam | linux-pam | 0.99.5.0 | |
| linux-pam | linux-pam | 0.99.6.0 | |
| linux-pam | linux-pam | 0.99.6.1 | |
| linux-pam | linux-pam | 0.99.6.2 | |
| linux-pam | linux-pam | 0.99.6.3 | |
| linux-pam | linux-pam | 0.99.7.0 | |
| linux-pam | linux-pam | 0.99.7.1 | |
| linux-pam | linux-pam | 0.99.8.0 | |
| linux-pam | linux-pam | 0.99.8.1 | |
| linux-pam | linux-pam | 0.99.9.0 | |
| linux-pam | linux-pam | 0.99.10.0 | |
| linux-pam | linux-pam | 1.0.0 | |
| linux-pam | linux-pam | 1.0.1 | |
| linux-pam | linux-pam | 1.0.2 | |
| linux-pam | linux-pam | 1.0.3 | |
| linux-pam | linux-pam | 1.0.4 | |
| linux-pam | linux-pam | 1.1.0 | |
| linux-pam | linux-pam | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13C9E7AE-3FFF-4A41-BEB0-2E37B6000901",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C70C7-FABE-4A45-A45D-2C7276D698DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA50D8F-D5A8-4123-93CF-E7714571F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8820C0-1ECB-45AD-A573-5667F0D09776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D416053-0010-4B25-9F7C-6054C51C1685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97AB578-0E9E-4370-8379-0CD455F2D740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A6147C-CC0A-4C9F-B9A9-E144F2133592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DEF8EC8-0E0A-4C0A-95BE-FB7C23732083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A9AB1C-FDF8-4E98-8773-387E03CD93E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F94AA92-5854-46B9-8B3C-08FCC5B071CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C0039-827C-45CD-99BE-95459006CA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4256C34-DBCA-4FE0-96A5-874D7F00869A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2613D2-33C1-4132-AD9A-68190A59C0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDE78F-119B-4FC8-BBFA-8048F2CF1227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A75789-F7EC-4D9C-942A-243DF92E5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3753027E-D3A4-45D4-A3A3-2320C48AF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533A629-6351-4831-BBF7-44718262FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F23F9-25B3-40DB-A3CA-2F1DE0678934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3ACA7F-D247-439C-8B5E-287EC5D236AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A30E5C3-501D-4DAA-B7F7-E42F98DEDBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC8C86C-9FC7-4838-BFD8-90431DEC4946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3BF43-7402-4CC0-A329-C8597A0758C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A39C8AD-FA7C-4C64-AAB7-93CC461E73F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BA7CC-F284-40C8-998D-FC70CCAB58D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file."
},
{
"lang": "es",
"value": "La funci\u00f3n check_acl en pam_xauth.c en el m\u00f3dulo pam_xauth en Linux-PAM (tambi\u00e9n conocido como pam) v1.1.2 y anteriores no verifica adecuadamente que un cierto archivo ACL es un archivo regular, lo que permite que usuarios locales provoquen una denegaci\u00f3n de servicio (consumo de todos los recursos) a trav\u00e9s de un archivo especial."
}
],
"id": "CVE-2010-4707",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-24T19:00:01.957",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46045"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65036"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4706
Vulnerability from fkie_nvd - Published: 2011-01-24 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| linux-pam | linux-pam | 0.99.1.0 | |
| linux-pam | linux-pam | 0.99.2.0 | |
| linux-pam | linux-pam | 0.99.2.1 | |
| linux-pam | linux-pam | 0.99.3.0 | |
| linux-pam | linux-pam | 0.99.4.0 | |
| linux-pam | linux-pam | 0.99.5.0 | |
| linux-pam | linux-pam | 0.99.6.0 | |
| linux-pam | linux-pam | 0.99.6.1 | |
| linux-pam | linux-pam | 0.99.6.2 | |
| linux-pam | linux-pam | 0.99.6.3 | |
| linux-pam | linux-pam | 0.99.7.0 | |
| linux-pam | linux-pam | 0.99.7.1 | |
| linux-pam | linux-pam | 0.99.8.0 | |
| linux-pam | linux-pam | 0.99.8.1 | |
| linux-pam | linux-pam | 0.99.9.0 | |
| linux-pam | linux-pam | 0.99.10.0 | |
| linux-pam | linux-pam | 1.0.0 | |
| linux-pam | linux-pam | 1.0.1 | |
| linux-pam | linux-pam | 1.0.2 | |
| linux-pam | linux-pam | 1.0.3 | |
| linux-pam | linux-pam | 1.0.4 | |
| linux-pam | linux-pam | 1.1.0 | |
| linux-pam | linux-pam | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13C9E7AE-3FFF-4A41-BEB0-2E37B6000901",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C70C7-FABE-4A45-A45D-2C7276D698DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA50D8F-D5A8-4123-93CF-E7714571F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8820C0-1ECB-45AD-A573-5667F0D09776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D416053-0010-4B25-9F7C-6054C51C1685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97AB578-0E9E-4370-8379-0CD455F2D740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A6147C-CC0A-4C9F-B9A9-E144F2133592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DEF8EC8-0E0A-4C0A-95BE-FB7C23732083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A9AB1C-FDF8-4E98-8773-387E03CD93E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F94AA92-5854-46B9-8B3C-08FCC5B071CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C0039-827C-45CD-99BE-95459006CA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4256C34-DBCA-4FE0-96A5-874D7F00869A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2613D2-33C1-4132-AD9A-68190A59C0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDE78F-119B-4FC8-BBFA-8048F2CF1227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A75789-F7EC-4D9C-942A-243DF92E5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3753027E-D3A4-45D4-A3A3-2320C48AF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533A629-6351-4831-BBF7-44718262FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F23F9-25B3-40DB-A3CA-2F1DE0678934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3ACA7F-D247-439C-8B5E-287EC5D236AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A30E5C3-501D-4DAA-B7F7-E42F98DEDBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC8C86C-9FC7-4838-BFD8-90431DEC4946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3BF43-7402-4CC0-A329-C8597A0758C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A39C8AD-FA7C-4C64-AAB7-93CC461E73F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BA7CC-F284-40C8-998D-FC70CCAB58D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check."
},
{
"lang": "es",
"value": "La funci\u00f3n pam_sm_close_session en pam_xauth.c en el m\u00f3dulo pam_xauth en Linux-PAM (tambi\u00e9n conocido como pam) v1.1.2 y anteriores no maneja adecuadamente una caracter\u00edstica para determinar un cierto objetivo UID, lo que permite a usuarios locales borrar archivos no buscados ejecutando un programa que conf\u00eda en la comprobaci\u00f3n del pam_xauth PAM."
}
],
"id": "CVE-2010-4706",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-24T19:00:01.877",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46045"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65035"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-3853
Vulnerability from fkie_nvd - Published: 2011-01-24 18:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| linux-pam | linux-pam | 0.99.1.0 | |
| linux-pam | linux-pam | 0.99.2.0 | |
| linux-pam | linux-pam | 0.99.2.1 | |
| linux-pam | linux-pam | 0.99.3.0 | |
| linux-pam | linux-pam | 0.99.4.0 | |
| linux-pam | linux-pam | 0.99.5.0 | |
| linux-pam | linux-pam | 0.99.6.0 | |
| linux-pam | linux-pam | 0.99.6.1 | |
| linux-pam | linux-pam | 0.99.6.2 | |
| linux-pam | linux-pam | 0.99.6.3 | |
| linux-pam | linux-pam | 0.99.7.0 | |
| linux-pam | linux-pam | 0.99.7.1 | |
| linux-pam | linux-pam | 0.99.8.0 | |
| linux-pam | linux-pam | 0.99.8.1 | |
| linux-pam | linux-pam | 0.99.9.0 | |
| linux-pam | linux-pam | 0.99.10.0 | |
| linux-pam | linux-pam | 1.0.0 | |
| linux-pam | linux-pam | 1.0.1 | |
| linux-pam | linux-pam | 1.0.2 | |
| linux-pam | linux-pam | 1.0.3 | |
| linux-pam | linux-pam | 1.0.4 | |
| linux-pam | linux-pam | 1.1.0 | |
| linux-pam | linux-pam | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13C9E7AE-3FFF-4A41-BEB0-2E37B6000901",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C70C7-FABE-4A45-A45D-2C7276D698DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA50D8F-D5A8-4123-93CF-E7714571F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8820C0-1ECB-45AD-A573-5667F0D09776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D416053-0010-4B25-9F7C-6054C51C1685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97AB578-0E9E-4370-8379-0CD455F2D740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A6147C-CC0A-4C9F-B9A9-E144F2133592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DEF8EC8-0E0A-4C0A-95BE-FB7C23732083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A9AB1C-FDF8-4E98-8773-387E03CD93E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F94AA92-5854-46B9-8B3C-08FCC5B071CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C0039-827C-45CD-99BE-95459006CA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4256C34-DBCA-4FE0-96A5-874D7F00869A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2613D2-33C1-4132-AD9A-68190A59C0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDE78F-119B-4FC8-BBFA-8048F2CF1227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A75789-F7EC-4D9C-942A-243DF92E5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3753027E-D3A4-45D4-A3A3-2320C48AF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533A629-6351-4831-BBF7-44718262FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F23F9-25B3-40DB-A3CA-2F1DE0678934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3ACA7F-D247-439C-8B5E-287EC5D236AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A30E5C3-501D-4DAA-B7F7-E42F98DEDBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC8C86C-9FC7-4838-BFD8-90431DEC4946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3BF43-7402-4CC0-A329-C8597A0758C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A39C8AD-FA7C-4C64-AAB7-93CC461E73F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BA7CC-F284-40C8-998D-FC70CCAB58D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program."
},
{
"lang": "es",
"value": "pam_namespace.c en el m\u00f3dulo pam_namespace para Linux-PAM (tambi\u00e9n conocido como PAM) anterior a v1.1.3 utiliza el entorno de invocaci\u00f3n de la aplicaci\u00f3n o servicio durante la ejecuci\u00f3n de la secuencia de comandos namespace.init, lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante la ejecuci\u00f3n de un programa setuid que se basa en la comprobaci\u00f3n de pam_namespace, como lo demuestra el programa sudo."
}
],
"id": "CVE-2010-3853",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-24T18:00:02.173",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643043"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-3435
Vulnerability from fkie_nvd - Published: 2011-01-24 18:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux-pam | linux-pam | * | |
| linux-pam | linux-pam | 0.99.1.0 | |
| linux-pam | linux-pam | 0.99.2.0 | |
| linux-pam | linux-pam | 0.99.2.1 | |
| linux-pam | linux-pam | 0.99.3.0 | |
| linux-pam | linux-pam | 0.99.4.0 | |
| linux-pam | linux-pam | 0.99.5.0 | |
| linux-pam | linux-pam | 0.99.6.0 | |
| linux-pam | linux-pam | 0.99.6.1 | |
| linux-pam | linux-pam | 0.99.6.2 | |
| linux-pam | linux-pam | 0.99.6.3 | |
| linux-pam | linux-pam | 0.99.7.0 | |
| linux-pam | linux-pam | 0.99.7.1 | |
| linux-pam | linux-pam | 0.99.8.0 | |
| linux-pam | linux-pam | 0.99.8.1 | |
| linux-pam | linux-pam | 0.99.9.0 | |
| linux-pam | linux-pam | 0.99.10.0 | |
| linux-pam | linux-pam | 1.0.0 | |
| linux-pam | linux-pam | 1.0.1 | |
| linux-pam | linux-pam | 1.0.2 | |
| linux-pam | linux-pam | 1.0.3 | |
| linux-pam | linux-pam | 1.0.4 | |
| linux-pam | linux-pam | 1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D45AB07D-A1B8-4BC0-A249-A594D7895B78",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C70C7-FABE-4A45-A45D-2C7276D698DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA50D8F-D5A8-4123-93CF-E7714571F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8820C0-1ECB-45AD-A573-5667F0D09776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D416053-0010-4B25-9F7C-6054C51C1685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97AB578-0E9E-4370-8379-0CD455F2D740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A6147C-CC0A-4C9F-B9A9-E144F2133592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DEF8EC8-0E0A-4C0A-95BE-FB7C23732083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A9AB1C-FDF8-4E98-8773-387E03CD93E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F94AA92-5854-46B9-8B3C-08FCC5B071CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C0039-827C-45CD-99BE-95459006CA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4256C34-DBCA-4FE0-96A5-874D7F00869A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2613D2-33C1-4132-AD9A-68190A59C0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDE78F-119B-4FC8-BBFA-8048F2CF1227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A75789-F7EC-4D9C-942A-243DF92E5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3753027E-D3A4-45D4-A3A3-2320C48AF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533A629-6351-4831-BBF7-44718262FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F23F9-25B3-40DB-A3CA-2F1DE0678934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3ACA7F-D247-439C-8B5E-287EC5D236AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A30E5C3-501D-4DAA-B7F7-E42F98DEDBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC8C86C-9FC7-4838-BFD8-90431DEC4946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3BF43-7402-4CC0-A329-C8597A0758C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A39C8AD-FA7C-4C64-AAB7-93CC461E73F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user\u0027s home directory."
},
{
"lang": "es",
"value": "Los m\u00f3dulos pam_env (1) y (2) pam_mail de Linux-PAM en versiones anteriores a v1.1.2 utiliza privilegios de root durante el acceso de lectura a los archivos y directorios que pertenecen a cuentas de usuario arbitrarias, lo que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible de aprovechando esta actividad en el sistema de archivos, como se demuestra por un ataque de enlace simb\u00f3lico en el archivo pam_environment. en el directorio home del usuario."
}
],
"id": "CVE-2010-3435",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-24T18:00:02.033",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/21/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2010/09/27/10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2010/09/27/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/21/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2010/09/27/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2010/09/27/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641335"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-3430
Vulnerability from fkie_nvd - Published: 2011-01-24 18:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56F68CBA-E64A-4085-8902-5EBF9A5349D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user\u0027s home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de la escalada de privilegios en los m\u00f3dulos pam_env (1) y (2) pam_mail de Linux-PAM (tambi\u00e9n conocido como pam) v1.1.2 no realiza la setfsgid requiere y pide setgroups sistema, que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible mediante el aprovechamiento de permisos de grupo no deseados, como lo demuestra un ataque de enlace simb\u00f3lico en el archivo pam_environment en el directorio home del usuario. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2010-3435."
}
],
"id": "CVE-2010-3430",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-24T18:00:01.907",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=843807a3a90f52e7538be756616510730a24739a"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2010/09/21/10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/21/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/21/8"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2010/09/21/9"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2010/09/27/10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/09/21/11"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=843807a3a90f52e7538be756616510730a24739a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2010/09/21/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/21/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/21/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2010/09/21/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2010/09/27/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/21/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641361"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-10041 (GCVE-0-2024-10041)
Vulnerability from cvelistv5 – Published: 2024-10-23 13:46 – Updated: 2025-11-20 18:11
VLAI?
Summary
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Severity ?
4.7 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
1.6.0 , < 1.6.0
(semver)
|
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:35:15.520510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:03:47.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/linux-pam/linux-pam",
"defaultStatus": "unaffected",
"packageName": "pam",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-36.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-21.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-21.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-21.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2024-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:11:42.832Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:10379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:10379"
},
{
"name": "RHSA-2024:11250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:11250"
},
{
"name": "RHSA-2024:9941",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9941"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-10041"
},
{
"name": "RHBZ#2319212",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319212"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-16T15:08:30.331000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-18T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pam: libpam: libpam vulnerable to read hashed password",
"workarounds": [
{
"lang": "en",
"value": "This vulnerability is mitigated if SELinux is in Enforcing mode.\n\nTo verify if SELinux is in Enforcing mode, the output of the `getenforce` command will return `Enforcing\u0027, see the example below:\n\n~~~\n$ getenforce\nEnforcing\n~~~\n\nTo more information about SELinux, specifically how to set it to Enforcing mode, see the links below.\n\nhttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes\nhttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes"
}
],
"x_redhatCweChain": "CWE-922: Insecure Storage of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-10041",
"datePublished": "2024-10-23T13:46:27.963Z",
"dateReserved": "2024-10-16T16:13:54.632Z",
"dateUpdated": "2025-11-20T18:11:42.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22365 (GCVE-0-2024-22365)
Vulnerability from cvelistv5 – Published: 2024-02-06 00:00 – Updated: 2025-11-03 18:08
VLAI?
Summary
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T21:07:13.510998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T16:13:13.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:12.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linux-pam/linux-pam"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T07:26:23.317Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/linux-pam/linux-pam"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"
},
{
"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"
},
{
"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22365",
"datePublished": "2024-02-06T00:00:00.000Z",
"dateReserved": "2024-01-09T00:00:00.000Z",
"dateUpdated": "2025-11-03T18:08:12.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-28321 (GCVE-0-2022-28321)
Vulnerability from cvelistv5 – Published: 2022-09-19 21:10 – Updated: 2025-05-29 15:30
VLAI?
Summary
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T15:30:31.022148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:30:36.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\u0027t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T21:10:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\u0027t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/",
"refsource": "MISC",
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"name": "https://www.suse.com/security/cve/CVE-2022-28321.html",
"refsource": "MISC",
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1197654",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28321",
"datePublished": "2022-09-19T21:10:22.000Z",
"dateReserved": "2022-04-01T00:00:00.000Z",
"dateUpdated": "2025-05-29T15:30:36.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27780 (GCVE-0-2020-27780)
Vulnerability from cvelistv5 – Published: 2020-12-17 23:55 – Updated: 2024-08-04 16:25
VLAI?
Summary
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:42.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pam",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pam 1.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn\u0027t exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T23:55:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pam",
"version": {
"version_data": [
{
"version_value": "pam 1.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn\u0027t exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27780",
"datePublished": "2020-12-17T23:55:45",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:42.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3238 (GCVE-0-2015-3238)
Vulnerability from cvelistv5 – Published: 2015-08-24 14:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-10830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"name": "RHSA-2015:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"name": "[oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "FEDORA-2015-10848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"name": "75428",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-10830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"name": "RHSA-2015:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"name": "[oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "FEDORA-2015-10848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"name": "75428",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3238",
"datePublished": "2015-08-24T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2583 (GCVE-0-2014-2583)
Vulnerability from cvelistv5 – Published: 2014-04-10 14:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140324 pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"name": "66493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66493"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "57317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57317"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "[oss-security] 20140331 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"name": "[oss-security] 20140326 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140324 pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"name": "66493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66493"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "57317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57317"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "[oss-security] 20140331 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"name": "[oss-security] 20140326 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140324 pam_timestamp internals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"name": "66493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66493"
},
{
"name": "GLSA-201605-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "57317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57317"
},
{
"name": "USN-2935-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "[oss-security] 20140331 Re: pam_timestamp internals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"name": "USN-2935-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "USN-2935-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"name": "[oss-security] 20140326 Re: pam_timestamp internals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2583",
"datePublished": "2014-04-10T14:00:00",
"dateReserved": "2014-03-21T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3148 (GCVE-0-2011-3148)
Vulnerability from cvelistv5 – Published: 2012-07-22 17:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
},
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-26T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
},
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
},
{
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
},
{
"name": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=caf5e7f61c8d9288daa49b4f61962e6b1239121d",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3148",
"datePublished": "2012-07-22T17:00:00",
"dateReserved": "2011-08-16T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3149 (GCVE-0-2011-3149)
Vulnerability from cvelistv5 – Published: 2012-07-22 17:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-26T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
},
{
"name": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3149",
"datePublished": "2012-07-22T17:00:00",
"dateReserved": "2011-08-16T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10041 (GCVE-0-2024-10041)
Vulnerability from nvd – Published: 2024-10-23 13:46 – Updated: 2025-11-20 18:11
VLAI?
Summary
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Severity ?
4.7 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
1.6.0 , < 1.6.0
(semver)
|
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:35:15.520510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:03:47.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/linux-pam/linux-pam",
"defaultStatus": "unaffected",
"packageName": "pam",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-36.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-21.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-21.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-21.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2024-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:11:42.832Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:10379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:10379"
},
{
"name": "RHSA-2024:11250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:11250"
},
{
"name": "RHSA-2024:9941",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9941"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-10041"
},
{
"name": "RHBZ#2319212",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319212"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-16T15:08:30.331000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-18T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pam: libpam: libpam vulnerable to read hashed password",
"workarounds": [
{
"lang": "en",
"value": "This vulnerability is mitigated if SELinux is in Enforcing mode.\n\nTo verify if SELinux is in Enforcing mode, the output of the `getenforce` command will return `Enforcing\u0027, see the example below:\n\n~~~\n$ getenforce\nEnforcing\n~~~\n\nTo more information about SELinux, specifically how to set it to Enforcing mode, see the links below.\n\nhttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes\nhttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes"
}
],
"x_redhatCweChain": "CWE-922: Insecure Storage of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-10041",
"datePublished": "2024-10-23T13:46:27.963Z",
"dateReserved": "2024-10-16T16:13:54.632Z",
"dateUpdated": "2025-11-20T18:11:42.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22365 (GCVE-0-2024-22365)
Vulnerability from nvd – Published: 2024-02-06 00:00 – Updated: 2025-11-03 18:08
VLAI?
Summary
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T21:07:13.510998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T16:13:13.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:12.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linux-pam/linux-pam"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T07:26:23.317Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/linux-pam/linux-pam"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"
},
{
"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"
},
{
"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22365",
"datePublished": "2024-02-06T00:00:00.000Z",
"dateReserved": "2024-01-09T00:00:00.000Z",
"dateUpdated": "2025-11-03T18:08:12.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-28321 (GCVE-0-2022-28321)
Vulnerability from nvd – Published: 2022-09-19 21:10 – Updated: 2025-05-29 15:30
VLAI?
Summary
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T15:30:31.022148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:30:36.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\u0027t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T21:10:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\u0027t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/",
"refsource": "MISC",
"url": "http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/"
},
{
"name": "https://www.suse.com/security/cve/CVE-2022-28321.html",
"refsource": "MISC",
"url": "https://www.suse.com/security/cve/CVE-2022-28321.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1197654",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197654"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28321",
"datePublished": "2022-09-19T21:10:22.000Z",
"dateReserved": "2022-04-01T00:00:00.000Z",
"dateUpdated": "2025-05-29T15:30:36.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27780 (GCVE-0-2020-27780)
Vulnerability from nvd – Published: 2020-12-17 23:55 – Updated: 2024-08-04 16:25
VLAI?
Summary
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:42.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pam",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pam 1.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn\u0027t exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T23:55:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pam",
"version": {
"version_data": [
{
"version_value": "pam 1.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn\u0027t exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27780",
"datePublished": "2020-12-17T23:55:45",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:42.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3238 (GCVE-0-2015-3238)
Vulnerability from nvd – Published: 2015-08-24 14:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-10830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"name": "RHSA-2015:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"name": "[oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "FEDORA-2015-10848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"name": "75428",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-10830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"name": "RHSA-2015:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"name": "[oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "FEDORA-2015-10848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"name": "75428",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3238",
"datePublished": "2015-08-24T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2583 (GCVE-0-2014-2583)
Vulnerability from nvd – Published: 2014-04-10 14:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140324 pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"name": "66493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66493"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "57317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57317"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "[oss-security] 20140331 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"name": "[oss-security] 20140326 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140324 pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"name": "66493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66493"
},
{
"name": "GLSA-201605-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "57317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57317"
},
{
"name": "USN-2935-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "[oss-security] 20140331 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"name": "USN-2935-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "USN-2935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"name": "[oss-security] 20140326 Re: pam_timestamp internals",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140324 pam_timestamp internals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
},
{
"name": "66493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66493"
},
{
"name": "GLSA-201605-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "57317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57317"
},
{
"name": "USN-2935-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "[oss-security] 20140331 Re: pam_timestamp internals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
},
{
"name": "USN-2935-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "USN-2935-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"name": "[oss-security] 20140326 Re: pam_timestamp internals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2583",
"datePublished": "2014-04-10T14:00:00",
"dateReserved": "2014-03-21T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3148 (GCVE-0-2011-3148)
Vulnerability from nvd – Published: 2012-07-22 17:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
},
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-26T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
},
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469"
},
{
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
},
{
"name": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=caf5e7f61c8d9288daa49b4f61962e6b1239121d",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=caf5e7f61c8d9288daa49b4f61962e6b1239121d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3148",
"datePublished": "2012-07-22T17:00:00",
"dateReserved": "2011-08-16T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3149 (GCVE-0-2011-3149)
Vulnerability from nvd – Published: 2012-07-22 17:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-26T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201206-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "USN-1237-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1237-1"
},
{
"name": "46583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46583"
},
{
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565"
},
{
"name": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3149",
"datePublished": "2012-07-22T17:00:00",
"dateReserved": "2011-08-16T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}