3495 matches found
CVE-2001-1190
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended...
FreeBSD-SA-02:14.pam-pgsql
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:14 Security Advisory FreeBSD, Inc. Topic: pam-pgsql port authentication bypass Category: ports Module: pam-pgsql Announced: 2002-03-12 Credits: Jacques A. Vidrine Affects...
CVE-2001-1068
CVE-2001-1068 affects qpopper 4.01 with PAM-based authentication on Red Hat systems. The issue is an information disclosure in authentication: when an invalid username is supplied, the system returns a different error message than for a valid username, enabling remote attackers to enumerate valid...
Переполнение буфера в AXSpawn-pam (buffer overflow)
No description provided...
CVE-2001-1190
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended...
OpenSSH does not initialize PAM session thereby allowing PAM restrictions to be bypassed
Overview OpenSSH is an implementation of the Secure Shell SSH protocol. It can be configured to use Linux Pluggable Authentication Modules PAM for added authentication. A vulnerability exists in OpenSSH, and perhaps other implementations of SSH, which can allow to potentially bypass PAM...
Important: Red Hat Security Advisory: : New util-linux packages available to fix /bin/login pam problem
New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages. 2001-10-22: Packages are now available for Red H...
CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pamlimits...
Модификация SQL-запроса во многих модулях авторизации Apache, PAM и т.д.
Ввод пользователя не проверяется на наличие служебных символов SQL...
CVE-1999-1158
Buffer overflow in 1 pluggable authentication module PAM on Solaris 2.5.1 and 2.5 and 2 unixscheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd...
CVE-1999-1346
PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file...
CVE-1999-1346
CVE-1999-1346 affects PAM configuration for rlogin on Red Hat Linux 6.1 and earlier. A less restrictive PAM rule precedes a more restrictive one, allowing users to access the host via rlogin even if /etc/nologin has disabled it. The impact, as described, includes access to the host with potential...
CVE-1999-1348
Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service...
CVE-1999-1158
CVE-1999-1158 describes a buffer overflow in Solaris PAM (versions 2.5.1/2.5) and unix_scheme (Solaris 2.3/2.4) that lets local users gain root privileges through programs that use these modules (e.g., passwd, yppasswd, nispasswd). The root cause is a buffer overflow in the affected modules, enab...
CVE-1999-1348
Technical details about CVE-1999-1348 are not publicly provided in the supplied documents. Monitor for updates; the available records describe the issue at a high level without specific impact, affected products, or remediation.
RUS-CERT Advisory 2001-09:01
Vulnerabilities in PAM and NSS modules using a PostgreSQL database During investigating the problem described in RUS-CERT Advisory 2001-08:01, it became evident that a few PAM and NSS modules which use PostgreSQL as database backend are vulnerable to SQL code injections attacks, too. Systems...
CVE-2001-1369
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields...
Проблемы с PAM в Qpopper (information leakage)
При использовании pam выдаются разные сообщения об ошибке при неверном пароле и несуществующем пользователе...
qpopper and pam.d
Hello, Take a look at the two sessions I have with Qpopper on a Redhat Linux 7.x box from an RPM package of version 4.0.1. Existing account: root@bart /etc telnet 10.10.10.1 110 Trying 10.10.10.1... Connected to 10.10.10.1. Escape character is '^'. +OK ready [email protected] user...
CVE-2001-1459
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module PAM session if commands are executed with no pty, which allows local users to bypass resource limits rlimits set in pam.d...