CVE-2008-1946
published 2008-07-28CVE-2008-1946: The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by…
medium4.4CVSS 3.1
AVLACMAuNCPIPAP
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | coreutils | < coreutils 5.93-1 (bookworm) | coreutils 5.93-1 (bookworm) |
| gnu | coreutils | — | — |
| gnu | coreutils | >= 0 < 5.93-1 | 5.93-1 |
| gnu | coreutils | >= 0 < 5.93-1 | 5.93-1 |
| gnu | coreutils | >= 0 < 5.93-1 | 5.93-1 |
| gnu | coreutils | >= 0 < 5.93-1 | 5.93-1 |
CVSS provenance
nvd4.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM