Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1946

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2008-1946
Last Modified 21 Aug 2010 01:19:47
Published 28 Jul 2008 01:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1946

Summary

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

Vulnerable Systems

Application

  • Gnu Coreutils 5.2.1


References

XF - coreutils-pamsucceedif-security-bypass(43993)

BID - 30363

SECTRACK - 1020552

SECUNIA - 31225

REDHAT - RHSA-2008:0780


Last Updated: 27 May 2016 10:47:42