Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2015-0213
HistoryMay 12, 2015 - 10:37 p.m.

Updated pam packages fix security vulnerabilities

2015-05-1222:37:48
Gentoo Foundation
advisories.mageia.org
7

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.6%

JSON

Updated pam packages fix security vulnerabilities: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack (CVE-2013-7041). Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a โ€ฆ (dot dot) in the PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function (CVE-2014-2583).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchpam<ย 1.1.8-7.1pam-1.1.8-7.1.mga4

Related

fedora 1
nessus 9
openvas 8
amazon 1
ubuntu 3
gentoo 1
cloudfoundry 1
ibm 3
debiancve 2
cve 2
prion 2
nvd 2
cvelist 2
ubuntucve 2
seebug 1
fedora
fedora
[SECURITY] Fedora 20 Update: pam-1.1.8-2.fc20
2014-12-18 06:07:52
nessus
nessus
Amazon Linux AMI : pam (ALAS-2014-354)
2014-10-12 00:00:00
Fedora 20 : pam-1.1.8-2.fc20 (2014-16350)
2014-12-18 00:00:00
GLSA-201605-05 : Linux-PAM: Multiple vulnerabilities
2016-05-31 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0213)
2022-01-28 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-354)
2015-09-08 00:00:00
Fedora Update for pam FEDORA-2014-16350
2014-12-19 00:00:00
amazon
amazon
Medium: pam
2014-06-15 16:18:00
ubuntu
ubuntu
PAM regression
2016-03-17 00:00:00
PAM vulnerabilities
2016-03-16 00:00:00
PAM regression
2016-03-16 00:00:00
gentoo
gentoo
Linux-PAM: Multiple vulnerabilities
2016-05-31 00:00:00
cloudfoundry
cloudfoundry
USN-2935-2 PAM regression | Cloud Foundry
2016-05-06 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by a Pluggable Authentication Module (PAM) vulnerability (CVE-2013-7041)
2018-06-18 01:33:18
Security Bulletin: Vulnerability in pam affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2013-7041)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in PAM affect Power Hardware Management Console (โ€ชCVE-2013-7041 and CVE-2015-3238โ€ฌ)
2021-09-23 01:31:39
debiancve
debiancve
CVE-2013-7041
2014-05-08 14:29:12
CVE-2014-2583
2014-04-10 20:29:20
cve
cve
CVE-2013-7041
2014-05-08 14:29:12
CVE-2014-2583
2014-04-10 20:29:20
prion
prion
Design/Logic Flaw
2014-05-08 14:29:00
Directory traversal
2014-04-10 20:29:00
nvd
nvd
CVE-2013-7041
2014-05-08 14:29:12
CVE-2014-2583
2014-04-10 20:29:20
cvelist
cvelist
CVE-2013-7041
2014-05-08 14:00:00
CVE-2014-2583
2014-04-10 14:00:00
ubuntucve
ubuntucve
CVE-2013-7041
2014-05-08 00:00:00
CVE-2014-2583
2014-04-10 00:00:00
seebug
seebug
Linux-PAM &quot;pam_timestamp&quot;ๆจกๅ—็›ฎๅฝ•้ๅŽ†ๆผๆดž
2014-04-10 00:00:00

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.6%

JSON
Related for MGASA-2015-0213
fedora1nessus9openvas8amazon1ubuntu3gentoo1cloudfoundry1ibm3debiancve2cve2prion2nvd2cvelist2ubuntucve2seebug1