467 matches found
CVE-2020-27780
A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates...
CVE-2020-27780
A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates...
Linux-PAM: Authentication bypass
Background: Linux-PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description: A flaw was found in Linux-PAM in the way it handles empty passwords...
GLSA-202012-06 : Linux-PAM: Authentication bypass
The remote host is affected by the vulnerability described in GLSA-202012-06 (Linux-PAM: Authentication bypass). A flaw was found in Linux-PAM in the way it handles empty passwords for non-existing users. Impact: A remote attacker, who only needs to know a non-existing username, could bypass securit...
Linux-pam Authorization Issues Vulnerability
Linux-PAM is system authentication software for Linux with pluggable module support, from the Linux-PAM team. Linux-PAM suffers from an authorization vulnerability, which can be exploited by an attacker to bypass restrictions and escalate privileges via the Linux-PAM root null password...
CVE-2020-27780
A flaw was found in Linux-PAM in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root and with an empty password, authentication is successful. The highest threat from this vulnerability is to confidentiality, integrity, as we...
Denial Of Service (DoS)
Pluggable Authentication Modules (PAM) is vulnerable to Denial of Service (DoS). The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a...
Privilege Escalation
Pluggable Authentication Modules (PAM) is vulnerable to Privilege Escalation. The attack exists because pam_namespace.c in the pam_namespace module in Linux-PAM uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pam Multiple Vulnerabilities (NS-SA-2019-0198)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pam packages installed that are affected by multiple vulnerabilities: - pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow,...
CVE-2019-5021
Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...
Authentication flaw
Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...
CVE-2019-5021
Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...
Denial Of Service (DoS)
pam is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a lar...
Denial Of Service (DoS)
pam is vulnerable to denial of service (DoS) attacks. The vulnerability is a stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 that allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a...
Privilege Escalation
github.com/google/fscrypt is vulnerable to privilege escalation. It does not correctly restore the primary and supplementary group IDs to the values associated with the root user, allowing an attacker to escalate privileges through applications that use Linux-PAM (aka pam)...
CVE-2018-6558
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam)...
CVE-2018-6558
The vulnerability CVE-2018-6558 affects the pam_fscrypt module of fscrypt, where versions prior to 0.2.4 may incorrectly restore primary and supplementary group IDs to the values of the root user. This flaw can allow an unprivileged attacker to gain privileges through login flows used by applicat...
CVE-2018-6558
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam)...
DEBIAN-CVE-2018-6558
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam)...
CVE-2018-6558
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam)...