ID CVE-2016-4422
Type cve
Reporter NVD
Modified 2016-05-10T10:24:22
Description
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.
{"result": {"debian": [{"id": "DSA-3567", "type": "debian", "title": "libpam-sshauth -- security update", "description": "It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.\n\nFor the stable distribution (jessie), this problem has been fixed in version 0.3.1-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed in version 0.4.1-2.\n\nFor the unstable distribution (sid), this problem has been fixed in version 0.4.1-2.\n\nWe recommend that you upgrade your libpam-sshauth packages.", "published": "2016-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3567", "cvelist": ["CVE-2016-4422"], "lastseen": "2016-09-02T18:19:28"}], "openvas": [{"id": "OPENVAS:703567", "type": "openvas", "title": "Debian Security Advisory DSA 3567-1 (libpam-sshauth - security update)", "description": "It was discovered that libpam-sshauth,\na PAM module to authenticate using an SSH server, does not correctly handle system\nusers. In certain configurations an attacker can take advantage of this flaw to\ngain root privileges.", "published": "2016-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703567", "cvelist": ["CVE-2016-4422"], "lastseen": "2017-07-24T12:55:02"}, {"id": "OPENVAS:1361412562310703567", "type": "openvas", "title": "Debian Security Advisory DSA 3567-1 (libpam-sshauth - security update)", "description": "It was discovered that libpam-sshauth,\na PAM module to authenticate using an SSH server, does not correctly handle system\nusers. 
In certain configurations an attacker can take advantage of this flaw to\ngain root privileges.", "published": "2016-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703567", "cvelist": ["CVE-2016-4422"], "lastseen": "2017-12-14T11:55:53"}], "nessus": [{"id": "DEBIAN_DSA-3567.NASL", "type": "nessus", "title": "Debian DSA-3567-1 : libpam-sshauth - security update", "description": "It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.", "published": "2016-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90897", "cvelist": ["CVE-2016-4422"], "lastseen": "2017-10-29T13:44:52"}]}}