467 matches found
Privilege Escalation in fscrypt
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
CVE-2020-36394
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home...
Design/Logic Flaw
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home...
CVE-2020-36394
The CVE-2020-36394 issue affects pam_setquota.c in the pam_setquota module of Linux-PAM, fixed after 2020-05-29 in affected builds. It allows a local attacker to set quotas on an arbitrary filesystem in scenarios where the attacker’s home directory is on a FUSE filesystem mounted under /home. The...
Linux-PAM Security Vulnerability
Linux-PAM is pluggable system authentication software for Linux from the Linux-PAM team. A security vulnerability exists in Linux-PAM that allows a local attacker to set quotas on arbitrary filesystems, in some cases the home directory of the attacker to...
Privilege Escalation
linux-pam:edge is vulnerable to Privilege Escalation. A flaw is found in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates...
Security Bulletin: IBM Verify Gateway PAM components include a leftover debug file (CVE-2020-4371)
Summary: The IBM Verify Gateway (IVG) PAM components include a leftover header file in their installation packages. The file was needed for debugging during development and shouldn't be part of the delivered PAM components. As of v1.0.1 of IVG for AIX PAM, and v1.0.2 of IVG for Linux PAM, the file h...
Security Bulletin: IBM Verify Gateway does not prevent excessive authentication attempts (CVE-2020-4400)
Summary: The IBM Verify Gateway (IVG) components do not prevent rapid, excessive attempts to authenticate with a time-based one-time password (TOTP). Consequently, an attacker could brute force account credentials. As of v1.0.1 of IVG for RADIUS and IVG for AIX PAM, and v1.0.2 of IVG for Linux PAM and...
Security Bulletin: IBM Verify Gateway PAM components default to cleartext storage of client secret (CVE-2020-4369)
Summary: The IBM Verify Gateway (IVG) PAM components allow encryption of the client-secret property in the /etc/pamibmauth.json file, but it's not the default configuration. Instead, customers must remember to add an --obfuscation command-line flag to encrypt the property. As of v1.0.1 of IVG for AI...
A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.
...
ALPINE-CVE-2020-27780
A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates...
CVE-2020-27780
A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates...
Design/Logic Flaw
A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates...
CVE-2020-27780
Linux-PAM (pam) prior to version 1.5.1 is vulnerable to an authentication bypass: if a non-existent username is supplied and the root password is empty, PAM may authenticate as root. Affected: pam components in Linux-PAM before 1.5.1. Root cause: handling of empty passwords for non-existing users...