Lucene search

[email protected]CVE-2002-1227

HistoryOct 28, 2002 - 5:00 a.m.

CVE-2002-1227

2002-10-2805:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

pam

vulnerability

password

privilege escalation

remote attack

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.

CPENameOperatorVersion
pam:pampameq0.76

CPE	Name	Operator	Version
pam:pam	pam	eq	0.76

References

www.debian.org/security/2002/dsa-177

www.iss.net/security_center/static/10405.php

www.securityfocus.com/bid/5994

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

Related for CVE-2002-1227

debiancve1 nessus1 osv1