Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0378

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2000-0378
Last Modified 10 Sep 2008 03:04:14
Published 03 May 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0378

Summary

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

Vulnerable Systems

Operating System

  • Redhat Linux 6.0

  • Redhat Linux 6.1

  • Redhat Linux 6.2


References

BID - 1176

BUGTRAQ - 20000502 pam_console bug


Last Updated: 27 May 2016 10:35:41