Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:911505
HistoryMay 04, 2003 - 12:00 a.m.

pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions

2003-05-0400:00:00
www.kb.cert.org
16

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

9.7%

JSON

Overview

A vulnerability exists in pam_xauth that may allow a local attacker to gain access to an administrator’s X session.

Description

pam_xauth is used to forward xauth keys (or cookies) between users. From the pam_xauth man page:

Without pam_xauth, when xauth is enabled and a user uses the su command to assume superuser priviledges, that user is not able to run X commands as root without somehow giving root access to the xauth key used for the current X session. pam_xauth solves the problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target user) when the session is created, and destroying the key when the session is torn down.
If a local attacker can cause the system administrator to su to the attacker’s account, the attacker may be able to gain access to an administrator’s X session. For further technical details, please see Andreas Beck’s advisory.

Impact

A local attacker may be able to gain access to an administrator’s X session.

Solution

Apply a patch from your vendor.

Vendor Information

911505

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

MandrakeSoft __ Affected

Notified: May 04, 2003 Updated: May 05, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see MDKSA-2003:017.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Openwall GNU/*/Linux __ Affected

Notified: May 04, 2003 Updated: May 07, 2003

Status

Affected

Vendor Statement

"While we do include pam_xauth in Openwall GNU/*/Linux, it is not used in the default configuration.

However, su(1) is fundamentally flawed and can’t be safely used to access other accounts because of attacks based on access to the terminal and, except when accessing an obviously less privileged account, attacks on the invocation of su. About the only safe use left for su is by scripts running as root and without a terminal."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Red Hat Inc. __ Affected

Updated: May 07, 2003

Status

Affected

Vendor Statement

Red Hat Linux, prior to version 9, and Red Hat Enterprise Linux ship with a pam_xauth package vulnerable to this issue. Updated packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the ‘up2date’ tool.

Red Hat Linux:
<http://rhn.redhat.com/errata/RHSA-2003-035.html&gt;
Red Hat Enterprise Linux:
<http://rhn.redhat.com/errata/RHSA-2003-028.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Apple Computer Inc. __ Not Affected

Notified: May 04, 2003 Updated: May 07, 2003

Status

Not Affected

Vendor Statement

pam_xauth is not shipped with either Mac OS X or Mac OS X Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Debian __ Not Affected

Notified: May 04, 2003 Updated: May 05, 2003

Status

Not Affected

Vendor Statement

Debian does not, and has never, shipped pam_xauth.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Foundry Networks Inc. __ Not Affected

Notified: May 04, 2003 Updated: May 07, 2003

Status

Not Affected

Vendor Statement

Foundry Networks is not affected by this vulnerability. Foundry Networks does not use pam_xauth in any of its products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Fujitsu __ Not Affected

Notified: May 04, 2003 Updated: June 17, 2003

Status

Not Affected

Vendor Statement

Fujitsu’s UXP/V o.s. is not affected by the problem in VU#911505.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Hitachi __ Not Affected

Notified: May 04, 2003 Updated: May 07, 2003

Status

Not Affected

Vendor Statement

HI-UX/WE2 is NOT vulnerable, because it does not support pam_xauth.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

IBM __ Not Affected

Notified: May 04, 2003 Updated: May 07, 2003

Status

Not Affected

Vendor Statement

IBM’s AIX is not vulnerable to the issues discussed in CERT Vulnerability Note VU#911505.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Ingrian Networks __ Not Affected

Notified: May 04, 2003 Updated: May 07, 2003

Status

Not Affected

Vendor Statement

Ingrian Networks products are not vulnerable to this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

NetScreen __ Not Affected

Notified: May 04, 2003 Updated: May 07, 2003

Status

Not Affected

Vendor Statement

NetScreen is not vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Xerox Corporation __ Not Affected

Notified: May 04, 2003 Updated: May 30, 2003

Status

Not Affected

Vendor Statement

A response to this vulnerability is available from our web site: <http://www.xerox.com/security&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

3Com Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

AT&T Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Alcatel Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Avaya Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

BSDI Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Cisco Systems Inc. Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Computer Associates Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Conectiva Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Cray Inc. Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

D-Link Systems Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Data General Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Engarde Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Extreme Networks Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

F5 Networks Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

FreeBSD Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Hewlett-Packard Company Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Intel Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Juniper Networks Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Lachman Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Lotus Software Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Lucent Technologies Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Microsoft Corporation Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

MontaVista Software Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Multi-Tech Systems Inc. Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Multinet Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

NEC Corporation Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

NeXT Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

NetBSD Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Network Appliance Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Nokia Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Nortel Networks Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

OpenBSD Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Oracle Corporation Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Redback Networks Inc. Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Riverstone Networks Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

SCO Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

SGI Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Sequent Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Sony Corporation Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

SuSE Inc. Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Sun Microsystems Inc. Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Unisys Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Wind River Systems Inc. Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

Wirex Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

ZyXEL Unknown

Notified: May 04, 2003 Updated: May 05, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23911505 Feedback>).

View all 57 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Andreas Beck.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-1160
Severity Metric: 12.94 Date Public:

Related

cve 1
redhat 1
cvelist 1
nessus 2
nvd 1
cve
cve
CVE-2002-1160
2004-09-01 04:00:00
redhat
redhat
(RHSA-2003:028) pam security update
2003-01-28 00:00:00
cvelist
cvelist
CVE-2002-1160
2004-09-01 04:00:00
nessus
nessus
Mandrake Linux Security Advisory : pam (MDKSA-2003:017-1)
2004-07-31 00:00:00
RHEL 2.1 : pam (RHSA-2003:028)
2004-07-06 00:00:00
nvd
nvd
CVE-2002-1160
2003-02-19 05:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

9.7%

JSON
Related for VU:911505
cve1redhat1cvelist1nessus2nvd1