CVE-2008-1946 — Coreutils vulnerability

CWE-2647 documents7 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 78.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Coreutils
Timeline
PublishedJul 28
Latest updateMay 1

Description

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

â–¶Debiangnu/coreutils< 5.93-1+3
â–¶NVDgnu/coreutils5.2.1

🔴Vulnerability Details

3
GHSA
GHSA-g5g9-cj86-gxc8: The default configuration of su in /etc/pam↗2022-05-01
â–¶
OSV
CVE-2008-1946: The default configuration of su in /etc/pam↗2008-07-28
â–¶
CVEList
CVE-2008-1946: The default configuration of su in /etc/pam↗2008-07-28
â–¶

📋Vendor Advisories

2
Red Hat
/etc/pam.d/su is wrong in RHEL-4.6↗2008-07-24
â–¶
Debian
CVE-2008-1946: coreutils - The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows l...↗2008
â–¶

💬Community

1
Bugzilla
CVE-2008-1946 /etc/pam.d/su is wrong in RHEL-4.6↗2008-05-14
â–¶
CVE-2008-1946 — GNU Coreutils vulnerability | cvebase