CVE-2007-0003 — Stack-based Buffer Overflow in Morgan Linux PAM

CWE-121 — Stack-based Buffer Overflow11 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Andrew Morgan Linux PAM Debian PAM

Timeline

PublishedJan 23

Latest updateMay 1

Description

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDandrew_morgan/linux_pam0.99.7.0

▶debiandebian/pam

🔴Vulnerability Details

GHSA

GHSA-8cvf-cppf-5rc4: pam_unix↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

CoreHTTP Web server 0.5.3.1 - Off-by-One Buffer Overflow↗2009-12-02

▶

📋Vendor Advisories

Red Hat

tog-pegasus pam authentication buffer overflow↗2008-01-08

▶

Red Hat

tog-pegasus pam authentication buffer overflow↗2008-01-07

▶

Debian

CVE-2007-0003: pam - pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into...↗2007

▶

Red Hat

CVE-2007-0003: pam_unix↗

▶

💬Community

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-15

▶

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-15

▶

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-14

▶

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-14

▶