251 matches found
Debian DSA-388-1 : kdebase - several vulnerabilities
Two vulnerabilities were discovered in kdebase : - CAN-2003-0690 : KDM in KDE 3.1.3 and earlier does not verify whether the pamsetcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain...
SUSE-SA:2003:036: pam_smb
The remote host is missing the patch for the advisory SUSE-SA:2003:036 pamsmb. The PAM module and server pamsmb allows users of Linux systems to be authenticated by querying an NT server. Dave Airlie informed us about a bug in the authentication code of pamsmb that allows a remote attacker to gai...
EEYE: Internet Security Systems PAM ICQ Server Response Processing Vulnerability
Internet Security Systems PAM ICQ Server Response Processing Vulnerability Release Date: March 18, 2004 Date Reported: March 8, 2004 Severity: High Remote Code Execution Vendor: Internet Security Systems Systems Affected: RealSecure Network 7.0, XPU 22.11 and before RealSecure Server Sensor 7.0 X...
Important: Red Hat Security Advisory: : Updated XFree86 packages provide security and bug fixes
Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in the transf...
Moderate: Red Hat Security Advisory: : Updated KDE packages fix security issues
Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available. KDE is a graphical desktop environment for the X Window System. KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the KDE Display Manager KDM when...
RUS-CERT Advisory 2001-09:01
Vulnerabilities in PAM and NSS modules using a PostgreSQL database During investigating the problem described in RUS-CERT Advisory 2001-08:01, it became evident that a few PAM and NSS modules which use PostgreSQL as database backend are vulnerable to SQL code injections attacks, too. Systems...
CVE-2000-1189
Buffer overflow in pamlocaluser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges...
CVE-2000-0378
The vulnerability CVE-2000-0378 affects the pam_console PAM module in Linux systems. It arises because the module performs a chown on various devices at user login, and an open file descriptor for those devices can remain open after logout. This allows the user to sniff activity on those devices ...
CVE-2000-0668
CVE-2000-0668 affects the Linux pam_console PAM module when a display manager (gdm or kdm) has XDMCP enabled. The vulnerability allows a user to access the system console and reboot the system, with a Medium severity (CVSS v2 base score 5.0) and a Partial availability impact. The provided sources...
CVE-2000-0378
The pamconsole PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in...
PT-2010-5671 · Linux +1 · Linux-Pam +1
Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.1.2 Description: The issue is related to the run coprocess function in pam xauth.c in the pam xauth module, which does not check the return values of the setuid, setgid, and setgroups system calls. This might all...