Lucene search

[email protected]CVE-2014-2583

HistoryApr 10, 2014 - 8:29 p.m.

CVE-2014-2583

2014-04-1020:29:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2014

2583

directory traversal

pam_timestamp.c

linux-pam

pam

authentication

nvd

6.7 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.5%

JSON

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a … (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

CPENameOperatorVersion
linux-pam:linux-pamlinux-pameq1.1.8

CPE	Name	Operator	Version
linux-pam:linux-pam	linux-pam	eq	1.1.8

References

secunia.com/advisories/57317

www.openwall.com/lists/oss-security/2014/03/24/5

www.openwall.com/lists/oss-security/2014/03/26/10

www.openwall.com/lists/oss-security/2014/03/31/6

www.securityfocus.com/bid/66493

www.ubuntu.com/usn/USN-2935-1

www.ubuntu.com/usn/USN-2935-2

www.ubuntu.com/usn/USN-2935-3

git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8

security.gentoo.org/glsa/201605-05

6.7 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.5%

JSON

Related for CVE-2014-2583

nessus8 ubuntucve1 debiancve1 openvas7 prion1 cvelist1 seebug1 fedora1 mageia1 amazon1 cloudfoundry1 gentoo1 ubuntu3