CVE-2004-1340 — Libpam-radius-auth vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 82.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpam-radius-auth Debian Linux

Timeline

PublishedJan 26

Latest updateApr 29

Description

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶debiandebian/libpam-radius-auth< libpam-radius-auth 1.3.16-1.1 (bookworm)

Also affects: Debian Linux 3.0

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-h27v-rv3m-525h: Debian GNU/Linux 3↗2022-04-29

▶

OSV

CVE-2004-1340: Debian GNU/Linux 3↗2005-01-26

▶

📋Vendor Advisories

Debian

CVE-2004-1340: libpam-radius-auth - Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius...↗2004

▶