467 matches found
CVE-2009-0887
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with ...
[SECURITY] Fedora 9 Update: pam_krb5-2.3.0-2.fc9
This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured...
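Linux-PAM pam_unix.so Authentication Bypass Vulnerability
Pluggable Authentication Modules (PAM) is a mechanism for authenticating users that is used on many Linux distributions. The _unix_verify_password function in modules/pam_unix/support.c in Linux-PAM has a flaw in how it verifies user passwords, which remote attackers may exploit to gain unauthorized access. If the hash in the password file is "!!" or similar, the user can log in with any password. Linux-PAM Linux-PAM 0.99.7.0 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...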
[SA23858] Linux-PAM Login Bypass Security Vulnerability
TITLE: Linux-PAM Login Bypass Security Vulnerability SECUNIA ADVISORY ID: SA23858 VERIFY ADVISORY: http://secunia.com/advisories/23858/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Linux-PAM 0.x http://secunia.com/product/1701/ DESCRIPTION: A vulnerability ha...
Code injection
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters...
CVE-2007-0003
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters...
CVE-2007-0003
CVE-2007-0003 affects pam_unix.so in Linux-PAM 0.99.7.0, enabling context-dependent attackers to log into accounts whose password hash in /etc/passwd or /etc/shadow consists of only two characters. This is disclosed across multiple sources (Red Hat, Ubuntu, SUSE, and security trackers) and is ver...
CVE-2003-0388
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin to return a spoofed user name...
[Full-Disclosure] iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 06.16.03: http://www.idefense.com/advisory/06.16.03.txt Linux-PAM getlogin Spoofing Vulnerability June 16, 2003 I. BACKGROUND The Pluggable Authentication Module PAM is a flexible mechanism for authenticating users. More...
Linux-PAM privilege escalation
It's possible to spoof user's group by spoofing terminal device...
CVE-2003-0388
CVE-2003-0388 concerns the pam_wheel module in Linux-PAM where, if the trust option is enabled and use_uid is disabled, local users can spoof getlogin() results and potentially gain privileges. The issue affects Linux-PAM versions up to 0.77 (notably around the pam_wheel and pam_lastlog handling ...
iDEFENSE Security Advisory 2003-06-16.t
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 06.16.03: http://www.idefense.com/advisory/06.16.03.txt Linux-PAM getlogin Spoofing Vulnerability June 16, 2003 I. BACKGROUND The Pluggable Authentication Module PAM is a flexible mechanism for authenticating users. More...
Linux PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privilege Escalation
Linux PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privilege Escalation source: https://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-Pam pam_wheel module. The problem exists in the way the module authenticates users under certain configurations...
Linux PAM 0.77 - Pam_Wheel Module 'getlogin() Username' Spoofing Privilege Escalation
source: https://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-Pam pam_wheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow wheel group members to use the 's...
CVE-2001-1190
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended...