EUVD-2000-0377

Malware in sbrugna...

Conectiva 4.x/5.x,RedHat 6.x pam_console Remote User Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1513/info There is a vulnerability in the Linux pamconsole module that could allow an attacker to remotely reboot the workstation or perform other actions limited to local users. If a workstation is configured to use a...

RedHat Linux 6.0/6.1/6.2 pam_console Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1176/info A vulnerability exists in the pamconsole PAM module, included as part of any Linux system running PAM. pamconsole exists to own certain devices to users logging in to the console of a Linux machine. It is design...

Mandrake Linux Security Advisory : pam (MDKSA-2000:029)

There is a problem with the pamconsole module that incorrectly identifies remote X logins for displays other than :0 for example, :1, :2, etc. as being local displays, thus giving control of the console to the remote user. Because the remote user has control of the console they are able to issue...

Scientific Linux Security Update : pam on SL4.x i386/x86_64

A flaw was found in the way pamconsole set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. CVE-2007-1716 A flaw was found in the way the PAM library wrote account...

Scientific Linux Security Update : pam on SL3.x i386/x86_64

A flaw was found in the way the Linux kernel handled certain SGIO commands. Console users with access to certain device files had the ability to damage recordable CD drives. The way pamconsole handled permissions of these files has been modified to disallow access. This change also required...

security flaw

pamconsole does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...

security flaw

pamconsole does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...

Moderate: pam security and bug fix update

cdrtools-2.01.0.a32-0.EL3.6 2.01.0.a32-0.EL3.6 - fix for CVE-2004-0813 - cdrecord and readcd are now suid, but with a pamconsole check - Resolves: rhbz232096 2.01.0.a32-0.EL3.3 - fix for CAN-2005-0866 "cdrecord insecure temporary file" 2.01.0.a32-0.EL3.2 - added patch for CAN-2004-0806, if s.o. w...

CentOS 3 : pam (CESA-2007:0465)

Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...

security flaw

pamconsole does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...

Moderate: Red Hat Security Advisory: pam security and bug fix update

Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...

Linux pam_console privilege escalation

Invalid device permissions handling if few users are logged in...

Code injection

pamconsole does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...

CVE-2007-1716

pamconsole does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...

CVE-2007-1716

pamconsole does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...

CVE-2007-1716

CVE-2007-1716 affects pam_console: a flaw where console device ownership wasn’t properly restored after a user logs out on multi-user consoles, potentially allowing a local user to gain privileges. The issue stems from pam_console handling of console file permissions, enabling leakage of console ...

CVE-2000-0668

pamconsole PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled...

CVE-2000-0378

The pamconsole PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in...

CVE-2000-0668

CVE-2000-0668 affects the Linux pam_console PAM module when a display manager (gdm or kdm) has XDMCP enabled. The vulnerability allows a user to access the system console and reboot the system, with a Medium severity (CVSS v2 base score 5.0) and a Partial availability impact. The provided sources...