CVE-2007-0003
published 2007-01-23CVE-2007-0003: pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has…
PriorityP423high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
0.39%
31.2th percentile
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| andrew_morgan | linux_pam | — | — |
| debian | pam | — | — |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat7.5HIGH
vendor_debian7.2LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8cvf-cppf-5rc4: pam_unix
ghsa_unreviewed·2022-05-01
CVE-2007-0003 [HIGH] GHSA-8cvf-cppf-5rc4: pam_unix
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Red Hat
tog-pegasus pam authentication buffer overflow
vendor_redhat·2008-01-08·CVSS 7.5
CVE-2007-5360 [HIGH] tog-pegasus pam authentication buffer overflow
tog-pegasus pam authentication buffer overflow
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.
Statement: Not vulnerable. This issue did not affect versions of tog-pegasus as shipped with Red Hat Enterprise Linux 4, or 5. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
Red Hat
tog-pegasus pam authentication buffer overflow
vendor_redhat·2008-01-07·CVSS 7.5
CVE-2008-0003 [HIGH] CWE-121 tog-pegasus pam authentication buffer overflow
tog-pegasus pam authentication buffer overflow
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
Mitigation: The tog-pegasus package is not installed by default on Red Hat Enterprise Linux.
tog-pegasus supplied by Red Hat binds only to one port (as plain http is
disabled), port 5989. The default firewall installed by Red Hat Enterprise
Linux will block remote access to this port. In normal use it's unlikely you'd
want to have this port accessible outside of an intranet anyway, and it's likely
to be blocked by en
Debian
CVE-2007-0003: pam - pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into...
vendor_debian·2007·CVSS 7.2
CVE-2007-0003 [HIGH] CVE-2007-0003: pam - pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into...
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
CVE-2007-0003: pam_unix
vendor_redhat·CVSS 7.2
CVE-2007-0003 [HIGH] CVE-2007-0003: pam_unix
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Statement: Not vulnerable. These issues did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
No detection rules found.
Bugzilla
CVE-2007-1218 tcpdump denial of service
bugzilla·2007-03-15·CVSS 6.8
CVE-2007-1218 [MEDIUM] CVE-2007-1218 tcpdump denial of service
CVE-2007-1218 tcpdump denial of service
+++ This bug was initially created as a clone of Bug #232347 +++
A potential denial of service flaw due to a single byte overflow was found in
the way tcpdump processes 802.11 packets:
http://seclists.org/fulldisclosure/2007/Mar/0003.html
The upstream patch is here:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.42&r2=1.43
From inspecting our packages it seems that the initial, incorrect test isn't
even present, which still leaves our packages vulnerable to this flaw.
-- Additional comment from [email protected] on 2007-03-14 17:12 EST --
This flaw also affects RHEL 3 and RHEL4. The code in question is not present in
RHEL 2.1
Discussion:
Can we get this into 3.9?
---
Closing after years of inactivity.
Bugzilla
CVE-2007-1218 tcpdump denial of service
bugzilla·2007-03-15·CVSS 6.8
CVE-2007-1218 [MEDIUM] CVE-2007-1218 tcpdump denial of service
CVE-2007-1218 tcpdump denial of service
+++ This bug was initially created as a clone of Bug #232347 +++
A potential denial of service flaw due to a single byte overflow was found in
the way tcpdump processes 802.11 packets:
http://seclists.org/fulldisclosure/2007/Mar/0003.html
The upstream patch is here:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.42&r2=1.43
From inspecting our packages it seems that the initial, incorrect test isn't
even present, which still leaves our packages vulnerable to this flaw.
-- Additional comment from [email protected] on 2007-03-14 17:12 EST --
This flaw also affects RHEL 3 and RHEL4. The code in question is not present in
RHEL 2.1
Discussion:
Can we get this into 4.6?
Cheers!
Fábio
---
This request was evaluated by Red Hat P
Bugzilla
CVE-2007-1218 tcpdump denial of service
bugzilla·2007-03-14·CVSS 6.8
CVE-2007-1218 [MEDIUM] CVE-2007-1218 tcpdump denial of service
CVE-2007-1218 tcpdump denial of service
+++ This bug was initially created as a clone of Bug #232347 +++
A potential denial of service flaw due to a single byte overflow was found in
the way tcpdump processes 802.11 packets:
http://seclists.org/fulldisclosure/2007/Mar/0003.html
The upstream patch is here:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.42&r2=1.43
From inspecting our packages it seems that the initial, incorrect test isn't
even present, which still leaves our packages vulnerable to this flaw.
Discussion:
This flaw should also affect FC5 and the upcoming FC7
---
Fixed in
tcpdump-3.9.4-4.fc5
tcpdump-3.9.4-10.fc6
tcpdump-3.9.5-3.fc7
Bugzilla
CVE-2007-1218 tcpdump denial of service
bugzilla·2007-03-14·CVSS 6.8
CVE-2007-1218 [MEDIUM] CVE-2007-1218 tcpdump denial of service
CVE-2007-1218 tcpdump denial of service
A potential denial of service flaw due to a single byte overflow was found in
the way tcpdump processes 802.11 packets:
http://seclists.org/fulldisclosure/2007/Mar/0003.html
The upstream patch is here:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.42&r2=1.43
From inspecting our packages it seems that the initial, incorrect test isn't
even present, which still leaves our packages vulnerable to this flaw.
Discussion:
This flaw also affects RHEL 3 and RHEL4. The code in question is not present in
RHEL 2.1
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the upda
http://osvdb.org/32017http://secunia.com/advisories/23858http://www.novell.com/linux/security/advisories/2007_3_sr.htmlhttp://www.redhat.com/archives/fedora-devel-list/2007-January/msg01271.htmlhttp://www.redhat.com/archives/fedora-devel-list/2007-January/msg01277.htmlhttp://www.securityfocus.com/bid/22204http://www.vupen.com/english/advisories/2007/0323https://exchange.xforce.ibmcloud.com/vulnerabilities/31739https://www.redhat.com/archives/pam-list/2007-January/msg00017.htmlhttp://osvdb.org/32017http://secunia.com/advisories/23858http://www.novell.com/linux/security/advisories/2007_3_sr.htmlhttp://www.redhat.com/archives/fedora-devel-list/2007-January/msg01271.htmlhttp://www.redhat.com/archives/fedora-devel-list/2007-January/msg01277.htmlhttp://www.securityfocus.com/bid/22204http://www.vupen.com/english/advisories/2007/0323https://exchange.xforce.ibmcloud.com/vulnerabilities/31739https://www.redhat.com/archives/pam-list/2007-January/msg00017.html
2007-01-23
Published