Lumension® Endpoint Intelligence Center



Vulnerability Score 5.8
CVE Id CVE-2014-2583
Last Modified 11 Apr 2014 11:51:15
Published 10 Apr 2014 04:29:20
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

Vulnerable Systems


  • Kernel Linux-pam 1.1.8



BID - 66493

MLIST - [oss-security] 20140331 Re: pam_timestamp internals

MLIST - [oss-security] 20140326 Re: pam_timestamp internals

MLIST - [oss-security] 20140324 pam_timestamp internals

SECUNIA - 57317

Last Updated: 27 May 2016 11:04:54