Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.24 views

Scientific Linux Security Update : coreutils on SL4.x i386/x86_64

The coreutils packages were found to not use the pamsucceedif Pluggable Authentication Module PAM correctly in the configuration file for the 'su' command. Any local user could use this command to change to a locked or expired user account if the target account's password was known to the user...

4.4CVSS5.4AI score0.00313EPSS
Exploits2References2
CVE
CVE
added 2008/07/28 5:0 p.m.68 views

CVE-2008-1946

The CVE-2008-1946 entry concerns GNU coreutils 5.2.1 where the default PAM config for su in /etc/pam.d/su mishandles pam_succeed_if.so, enabling any local user to switch to a locked or expired account by supplying an account name on the command line. Concrete details show the affected component (...

4.4CVSS6.2AI score0.00313EPSS
Exploits2References6Affected Software1
seebug.org
seebug.org
added 2008/07/28 12:0 a.m.26 views

GNU Coreutils 'pam_succeed_if' PAM本地验证绕过漏洞

BUGTRAQ ID: 30363 CVE ID:CVE-2008-1946 CNCVE ID:CNCVE-20081946 GNU Coreutils是一款提供一整套基本的shell工具的软件包。 GNU Coreutils存在验证绕过问题,本地攻击者可以利用漏洞运行'su'命令来获得对锁住或过期帐户的访问。 配置文件中针对"su"命令没有正确的使用pamsucceedif PAM,如果目标帐户的密码被运行"su"命令的用户知道的情况下,可使用此命令更改锁住或过期用户帐户。 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES ...

4.4CVSS6.3AI score0.00313EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2008/07/24 5:2 p.m.27 views

Low: Red Hat Security Advisory: coreutils security update

Updated coreutils packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. The coreutils package contains the core GNU utilities. It is the combination of the old GNU...

4.4CVSS5.7AI score0.00313EPSS
Exploits2References2
Rows per page
Query Builder