4 matches found
Scientific Linux Security Update : coreutils on SL4.x i386/x86_64
The coreutils packages were found to not use the pamsucceedif Pluggable Authentication Module PAM correctly in the configuration file for the 'su' command. Any local user could use this command to change to a locked or expired user account if the target account's password was known to the user...
CVE-2008-1946
The CVE-2008-1946 entry concerns GNU coreutils 5.2.1 where the default PAM config for su in /etc/pam.d/su mishandles pam_succeed_if.so, enabling any local user to switch to a locked or expired account by supplying an account name on the command line. Concrete details show the affected component (...
GNU Coreutils 'pam_succeed_if' PAM本地验证绕过漏洞
BUGTRAQ ID: 30363 CVE ID:CVE-2008-1946 CNCVE ID:CNCVE-20081946 GNU Coreutils是一款提供一整套基本的shell工具的软件包。 GNU Coreutils存在验证绕过问题,本地攻击者可以利用漏洞运行'su'命令来获得对锁住或过期帐户的访问。 配置文件中针对"su"命令没有正确的使用pamsucceedif PAM,如果目标帐户的密码被运行"su"命令的用户知道的情况下,可使用此命令更改锁住或过期用户帐户。 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES ...
Low: Red Hat Security Advisory: coreutils security update
Updated coreutils packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. The coreutils package contains the core GNU utilities. It is the combination of the old GNU...