Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2001-1147
Last Modified 05 Sep 2008 04:25:48
Published 08 Oct 2001 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1147

Summary

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.

Vulnerable Systems

Application

  • Andries Brouwer Util-linux 2.10s

  • Andries Brouwer Util-linux 2.11f

  • Andries Brouwer Util-linux 2.11h

  • Andries Brouwer Util-linux 2.11i

  • Andries Brouwer Util-linux 2.11k


References

BID - 3415

XF - utillinux-pamlimits-gain-privileges(7266)

BUGTRAQ - 20011008 pam_limits.so Bug!!

REDHAT - RHSA-2001:132

SUSE - SuSE-SA:2001:034

MANDRAKE - MDKSA-2001:084

CIAC - M-009


Last Updated: 27 May 2016 10:36:32