CVE-2006-7108
published 2007-03-04CVE-2006-7108: login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established…
medium4.1CVSS 3.1
AVLACMAuSCPIPAP
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| andries_brouwer | util-linux | — | — |
| debian | util-linux | < util-linux 2.17.2-9 (bookworm) | util-linux 2.17.2-9 (bookworm) |
| kernel | util-linux | >= 0 < 2.17.2-9 | 2.17.2-9 |
| kernel | util-linux | >= 0 < 2.17.2-9 | 2.17.2-9 |
| kernel | util-linux | >= 0 < 2.17.2-9 | 2.17.2-9 |
| kernel | util-linux | >= 0 < 2.17.2-9 | 2.17.2-9 |
CVSS provenance
nvd4.1MEDIUMAV:L/AC:M/Au:S/C:P/I:P/A:P
osv4.1MEDIUM