Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2014-2583
Last Modified 11 Apr 2014 11:51:15
Published 10 Apr 2014 04:29:20
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2583

Summary

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

Vulnerable Systems

Application

  • Kernel Linux-pam 1.1.8


References

CONFIRM - https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8

BID - 66493

MLIST - [oss-security] 20140331 Re: pam_timestamp internals

MLIST - [oss-security] 20140326 Re: pam_timestamp internals

MLIST - [oss-security] 20140324 pam_timestamp internals

SECUNIA - 57317


Last Updated: 27 May 2016 11:04:54