Lucene search

MitreCVE-2000-0378

HistoryOct 13, 2000 - 4:00 a.m.

CVE-2000-0378

2000-10-1304:00:00

mitre

web.nvd.nist.gov

linux

pam module

pam_console

vulnerability

device sniffing

user logout

cve-2000-0378

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

Percentile

13.4%

JSON

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

Affected configurations

Nvd

Node

redhatlinuxMatch6.0

redhatlinuxMatch6.1

redhatlinuxMatch6.2

VendorProductVersionCPE
redhatlinux6.0cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
redhatlinux6.1cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*
redhatlinux6.2cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	linux	6.0	cpe:2.3:o:redhat:linux:6.0:::::::*
redhat	linux	6.1	cpe:2.3:o:redhat:linux:6.1:::::::*
redhat	linux	6.2	cpe:2.3:o:redhat:linux:6.2:::::::*

References

archives.neohapsis.com/archives/bugtraq/2000-05/0023.html

www.securityfocus.com/bid/1176

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

Percentile

13.4%

JSON

Related for CVE-2000-0378