14 matches found
Oracle Linux 9 : pam (ELSA-2025-15099)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15099 advisory. 1.5.1-26.0.1 - pamlimits: fix use after free in pamsmopensession Orabug: 36406534 1.5.1-26 - pamnamespace: fix potential privilege escalation. Resolve...
pam security update
1.5.1-26.0.1 - pamlimits: fix use after free in pamsmopensession Orabug: 36406534 1.5.1-26 - pamnamespace: fix potential privilege escalation. Resolves: CVE-2025-6020 and RHEL-96729...
SUSE CVE-2017-6967
xrdp 0.9.1 calls the PAM function authstartsession in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pamlimits.so bypass...
UBUNTU-CVE-2017-6967
xrdp 0.9.1 calls the PAM function authstartsession in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pamlimits.so bypass...
CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...
Ubuntu 5.04 / 5.10 / 6.06 LTS : shadow vulnerability (USN-308-1)
Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...
Jobs start from root when pam_limits enabled
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
USN-308-1: shadow vulnerability
Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...
[Full-disclosure] [USN-308-1] shadow vulnerability
=========================================================== Ubuntu Security Notice USN-308-1 July 05, 2006 shadow vulnerability =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory...
[Full-disclosure] [USN-310-1] ppp vulnerability
=========================================================== Ubuntu Security Notice USN-310-1 July 05, 2006 ppp vulnerability CVE-2006-2194 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory...
CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...
CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...
CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...
CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...