Search...

CVE-2016-4422

2016-05-06T13:59:08

ID CVE-2016-4422
Type cve
Reporter NVD
Modified 2016-05-10T10:24:22

Description

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

JSON Vulners Source

Initial Source

{"references": ["https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114#src/pam_sshauth.c", "http://www.debian.org/security/2016/dsa-3567"], "modified": "2016-05-10T10:24:22", "title": "CVE-2016-4422", "history": [], "objectVersion": "1.2", "cvelist": ["CVE-2016-4422"], "type": "cve", "assessment": {"href": "", "system": "", "name": ""}, "id": "CVE-2016-4422", "viewCount": 2, "edition": 1, "scanner": [], "reporter": "NVD", "published": "2016-05-06T13:59:08", "lastseen": "2016-12-01T02:33:23", "hashmap": [{"key": "assessment", "hash": "65d5a89e1c9e4fd39cccde5dde742638"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "08ec857aacdd726eb62903f006147588"}, {"key": "cvelist", "hash": "978298642cc8864768e94529ff163896"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "bd73f80d6bd4932fc5769fb6d647f6ab"}, {"key": "href", "hash": "bf84a75fda208f493ca80ea92cea7262"}, {"key": "modified", "hash": "495048bec45479a187ca9e5ad7bb32ca"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "7299418b826b315de2f6f325e029d93e"}, {"key": "references", "hash": "23b4631fc947a2c13f5a4e07982dd96b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "9d05e03b9ad58bf25d484052feb852c7"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:libpam-sshauth:libpam-sshauth:-"], "hash": "7f1766018cbed0b4c12f4bffb1110bb6b3ac5f8763bfdda018ec1707be094a76", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4422", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.", "bulletinFamily": "NVD", "enchantments": {"vulnersScore": 7.5}}

{"result": {"debian": [{"id": "DSA-3567", "type": "debian", "title": "libpam-sshauth -- security update", "description": "It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.\n\nFor the stable distribution (jessie), this problem has been fixed in version 0.3.1-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed in version 0.4.1-2.\n\nFor the unstable distribution (sid), this problem has been fixed in version 0.4.1-2.\n\nWe recommend that you upgrade your libpam-sshauth packages.", "published": "2016-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3567", "cvelist": ["CVE-2016-4422"], "lastseen": "2016-09-02T18:19:28"}], "openvas": [{"id": "OPENVAS:703567", "type": "openvas", "title": "Debian Security Advisory DSA 3567-1 (libpam-sshauth - security update)", "description": "It was discovered that libpam-sshauth,\na PAM module to authenticate using an SSH server, does not correctly handle system\nusers. In certain configurations an attacker can take advantage of this flaw to\ngain root privileges.", "published": "2016-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703567", "cvelist": ["CVE-2016-4422"], "lastseen": "2017-07-24T12:55:02"}, {"id": "OPENVAS:1361412562310703567", "type": "openvas", "title": "Debian Security Advisory DSA 3567-1 (libpam-sshauth - security update)", "description": "It was discovered that libpam-sshauth,\na PAM module to authenticate using an SSH server, does not correctly handle system\nusers. In certain configurations an attacker can take advantage of this flaw to\ngain root privileges.", "published": "2016-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703567", "cvelist": ["CVE-2016-4422"], "lastseen": "2017-12-14T11:55:53"}], "nessus": [{"id": "DEBIAN_DSA-3567.NASL", "type": "nessus", "title": "Debian DSA-3567-1 : libpam-sshauth - security update", "description": "It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.", "published": "2016-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90897", "cvelist": ["CVE-2016-4422"], "lastseen": "2017-10-29T13:44:52"}]}}