18 matches found
EUVD-2022-25083
Malicious code in bioql PyPI...
CVE-2022-1804
accountsservice no longer drops permissions when writting .pamenvironment...
CVE-2022-1804 Accountsservice incorrectly drops privileges
accountsservice no longer drops permissions when writting .pamenvironment...
CVE-2022-1804
accountsservice no longer drops permissions when writting .pamenvironment...
Privilege Escalation
accountsservice is vulnerable to privilege escalation. The vulnerability exists because the library does not check permission whet writes to .pamenvironment...
UBUNTU-CVE-2022-1804
accountsservice no longer drops permissions when writting .pamenvironment...
CVE-2020-16127 accountsservice .pam_environment infinite loop
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled /.pamenvironment files, allowing an infinite loop if /dev/zero is symlinked to this location...
F5 Networks BIG-IP : OpenSSH vulnerability (K20911042)
The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
Updated openssh packages fix security vulnerability
The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
CVE-2015-8325
The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
CVE-2015-8325
The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
CVE-2011-3148
Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces at the beginning of the /.pamenvironment file...
CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
Privilege escalation
The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...
CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
CVE-2010-4708
CVE-2010-4708 affects Linux-PAM (pam) up to version 1.1.2, with the pam_env module reading a user’s .pam_environment file and potentially allowing local users to run programs with an unintended environment. Connected sources corroborate the vulnerability in pam_env and indicate the affected range...
CVE-2010-3430
The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...