Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2516

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-2516
Last Modified 07 Mar 2011 10:09:18
Published 03 Jun 2008 10:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2516

Summary

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

Vulnerable Systems

Application

  • Libpam-pgsql 0.6.3


References

XF - libpampgsql-pamsm-security-bypass(42653)

VUPEN - ADV-2008-1654

SECTRACK - 1020111

BID - 29360

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=601775

SECUNIA - 30391

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970


Last Updated: 27 May 2016 10:47:54