42 matches found
EUVD-2014-3816
Malware in sbrugna...
EUVD-2016-8450
Malware in sbrugna...
EUVD-2009-2477
Malware in sbrugna...
EUVD-2011-4070
Malware in sbrugna...
SUSE CVE-2006-0883
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service client connection refusal by connecting multiple times to the SSH server, waiting for the...
CVE-2014-3879
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login 1 without a passwor...
Authentication flaw
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login 1 without a passwor...
CVE-2014-3879
CVE-2014-3879 affects OpenPAM in FreeBSD’s PAM policy parser. When an include directive references a non-existent policy, the library may keep a partially loaded configuration, enabling a context-dependent bypass of authentication (login without a password or with an incorrect one). Affected: Ope...
CVE-2014-3879
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login 1 without a passwor...
CVE-2016-7600
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app...
CVE-2016-7600
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app...
CVE-2016-7600
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app...
CVE-2016-7600
CVE-2016-7600 concerns Apple macOS OpenPAM: PAM authentication within sandboxed applications could fail insecurely, allowing a local unprivileged user to gain access to privileged applications. Affected: macOS Sierra 10.12.1 (and related 10.12.x updates as per Apple security content). Root cause ...
Mac OS X 10.x < 10.12.2 Multiple Vulnerabilities
Binary data 9840.prm...
Apple macOS Sierra OpenPAM Component Information Disclosure Vulnerability
Apple macOS Sierra is a proprietary operating system developed by Apple for Mac computers. openPAM is one of the components that allows the use of loadable modules to implement administrator-defined user authentication and session management. A security vulnerability exists in the OpenPAM compone...
OpenPAM protection bypass
In some situations policy from valid location may not be loaded...
[oss-security] FreeBSD Security Advisory FreeBSD-SA-14:13.pam
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:13.pam Security Advisory The FreeBSD Project Topic: Incorrect error handling in PAM policy parser Category: contrib Module: pam Announced: 2014-06-03 Credits...
FreeBSD-SA-14:13.pam
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:13.pam Security Advisory The FreeBSD Project Topic: Incorrect error handling in PAM policy parser Category: contrib Module: pam Announced: 2014-06-03 Credits...
FreeBSD -- Incorrect error handling in PAM policy parser
Problem Description: The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the...