Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-354
HistoryJun 15, 2014 - 4:18 p.m.

Medium: pam

2014-06-1516:18:00
alas.aws.amazon.com
13

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.8%

JSON

Issue Overview:

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a … (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.

Affected Packages:

pam

Issue Correction:
Run yum update pam to update your system.

New Packages:

i686:  
    pam-1.1.8-9.29.amzn1.i686  
    pam-devel-1.1.8-9.29.amzn1.i686  
    pam-debuginfo-1.1.8-9.29.amzn1.i686  
  
src:  
    pam-1.1.8-9.29.amzn1.src  
  
x86_64:  
    pam-1.1.8-9.29.amzn1.x86_64  
    pam-devel-1.1.8-9.29.amzn1.x86_64  
    pam-debuginfo-1.1.8-9.29.amzn1.x86_64

Additional References

Red Hat: CVE-2013-7041, CVE-2014-2583

Mitre: CVE-2013-7041, CVE-2014-2583

Related

nessus 11
fedora 1
mageia 1
openvas 8
ubuntu 3
cloudfoundry 1
gentoo 1
ibm 3
ubuntucve 2
cve 2
debiancve 2
prion 2
cvelist 2
nvd 2
seebug 1
nessus
nessus
Amazon Linux AMI : pam (ALAS-2014-354)
2014-10-12 00:00:00
RHEL 6 : pam (Unpatched Vulnerability)
2024-06-03 00:00:00
Fedora 20 : pam-1.1.8-2.fc20 (2014-16350)
2014-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: pam-1.1.8-2.fc20
2014-12-18 06:07:52
mageia
mageia
Updated pam packages fix security vulnerabilities
2015-05-12 22:37:48
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0213)
2022-01-28 00:00:00
Fedora Update for pam FEDORA-2014-16350
2014-12-19 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-354)
2015-09-08 00:00:00
ubuntu
ubuntu
PAM regression
2016-03-16 00:00:00
PAM regression
2016-03-17 00:00:00
PAM vulnerabilities
2016-03-16 00:00:00
cloudfoundry
cloudfoundry
USN-2935-2 PAM regression | Cloud Foundry
2016-05-06 00:00:00
gentoo
gentoo
Linux-PAM: Multiple vulnerabilities
2016-05-31 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by a Pluggable Authentication Module (PAM) vulnerability (CVE-2013-7041)
2018-06-18 01:33:18
Security Bulletin: Vulnerability in pam affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2013-7041)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in PAM affect Power Hardware Management Console (‪CVE-2013-7041 and CVE-2015-3238‬)
2021-09-23 01:31:39
ubuntucve
ubuntucve
CVE-2013-7041
2014-05-08 00:00:00
CVE-2014-2583
2014-04-10 00:00:00
cve
cve
CVE-2013-7041
2014-05-08 14:29:12
CVE-2014-2583
2014-04-10 20:29:20
debiancve
debiancve
CVE-2013-7041
2014-05-08 14:29:12
CVE-2014-2583
2014-04-10 20:29:20
prion
prion
Design/Logic Flaw
2014-05-08 14:29:00
Directory traversal
2014-04-10 20:29:00
cvelist
cvelist
CVE-2013-7041
2014-05-08 14:00:00
CVE-2014-2583
2014-04-10 14:00:00
nvd
nvd
CVE-2013-7041
2014-05-08 14:29:12
CVE-2014-2583
2014-04-10 20:29:20
seebug
seebug
Linux-PAM "pam_timestamp"模块目录遍历漏洞
2014-04-10 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.8%

JSON
Related for ALAS-2014-354
nessus11fedora1mageia1openvas8ubuntu3cloudfoundry1gentoo1ibm3ubuntucve2cve2debiancve2prion2cvelist2nvd2seebug1