GLSA-200909-01 : Linux-PAM: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200909-01 (Linux-PAM: Privilege escalation). Marcus Granado reported that Linux-PAM does not properly handle user names that contain Unicode characters. This is related to integer signedness errors in the pam_StrTok function in...
Linux-PAM: Privilege escalation
Background: Linux-PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description: Marcus Granado reported that Linux-PAM does not properly handle user...
[SECURITY] Fedora 9 Update: pam_krb5-2.3.5-1.fc9
This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured...
[SECURITY] Fedora 11 Update: pam_krb5-2.3.5-1.fc11
This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured...
[SECURITY] Fedora 10 Update: pam_krb5-2.3.5-1.fc10
This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured...
CVE-2009-0579
Linux-PAM before 1.0.4 does not enforce the minimum password age (MIN_DAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
CVE-2009-0579
Linux-PAM before 1.0.4 does not enforce the minimum password age (MIN_DAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
DEBIAN-CVE-2009-0579
Linux-PAM before 1.0.4 does not enforce the minimum password age (MIN_DAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
CVE-2009-0579
Linux-PAM before 1.0.4 does not enforce the minimum password age (MIN_DAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
Design/Logic Flaw
Linux-PAM before 1.0.4 does not enforce the minimum password age (MIN_DAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
CVE-2009-0579
Linux-PAM before 1.0.4 does not enforce the minimum password age (MIN_DAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
CVE-2009-0579
Linux-PAM before 1.0.4 does not enforce the minimum password age (MIN_DAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
Mandrake Security Advisory MDVSA-2009:077 (pam)
The remote host is missing an update to pam announced via advisory MDVSA-2009:077. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
Linux-PAM signed/unsigned conversion vulnerability
Problems with non-ASCII symbols in configuration file...
CVE-2009-0887
Integer signedness error in the pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with ...
CVE-2009-0887
Integer signedness error in the pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with ...
Integer overflow
Integer signedness error in the pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with ...
CVE-2009-0887
CVE-2009-0887 describes an integer signedness error in the pam_StrTok function (libpam/pam_misc.c) of Linux-PAM up to version 1.0.3 and earlier. The issue can surface when a configuration file contains non-ASCII usernames, potentially leading to a denial of service and, in some cases, allowing re...
CVE-2009-0887
Integer signedness error in the pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with ...
CVE-2009-0887
Integer signedness error in the pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with ...