213 matches found
SUSE-SU-2016:0972-1 Security update for salt
salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...
SUSE-SU-2016:0970-1 Security update for salt
salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...
salt -- Insecure configuration of PAM external authentication service
SaltStack reports: This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is enabled. This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured...
OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing
Samuli Seppänen reports: OpenVPN 2.3.11 ... fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication...
Scientific Linux Security Update : openssh on SL7.x x86_64 (20151119)
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users...
Amazon Linux AMI : openssh (ALAS-2015-625)
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. It w...
Medium: openssh
Issue Overview: A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as...
CentOS 7 : openssh (CESA-2015:2088)
Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
RedHat Update for openssh RHSA-2015:2088-06
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : openssh (RHSA-2015:2088)
Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
Ubuntu 14.04 LTS : OpenSSH regression (USN-2710-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2710-2 advisory. USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default...
Ubuntu 14.04 LTS : OpenSSH vulnerabilities (USN-2710-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2710-1 advisory. Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the...
Ubuntu: Security Advisory (USN-2710-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2710-1 openssh vulnerabilities
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. CVE number pending Moritz Jodeit...
USN-2710-1: OpenSSH vulnerabilities
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. CVE number pending Moritz Jodeit...
CVE-2013-0191
libpam-pgsql aka pampgsql 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
openssh, pam_ssh_agent_auth security update
CentOS Errata and Security Advisory CESA-2013:1591 Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common...
Oracle Linux 5 : Critical: / tog-pegasus (ELSA-2008-0002)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2008-0002 advisory. 2.6.1-2.el51.1.0.1 - Added pegasus-enterprise.patch to allow detection of enterprise-release 2.6.1-2.el51.1 - Fix PAM authentication buffer overflow CVE-2008-00...
Slackware: Security Advisory (SSA:2003-266-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : tog-pegasus on SL5.x, SL4.x i386/x86_64
During a security audit, a stack-based buffer overflow flaw was found in the PAM authentication code in the OpenPegasus CIM management server. An unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges. CVE-2008-0003 Users of tog-pegasus...