CVE-2014-2583: Path Traversal in Linux-pam

CWE-22: Path Traversal | 11 documents | 7 sources
Severity: 5.8 MEDIUM (NVD), 4.3 (OSV)
EPSS: 1.5% (top 18.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 10
Latest update: May 14

Description

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (4 packages)

debian: debian/pam < pam 1.1.8-3.1 (bookworm)
Debian: pam/pam < 1.1.8-3.1+3
Ubuntu: pam/pam < 1.1.8-1ubuntu2.2+1

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-p526-qhf4-2v4r: Multiple directory traversal vulnerabilities in pam_timestamp (2022-05-14)
OSV: pam regression (2016-03-16)
OSV: pam vulnerabilities (2016-03-16)
OSV: CVE-2014-2583: Multiple directory traversal vulnerabilities in pam_timestamp (2014-04-10)

📋 Vendor Advisories (5)

Ubuntu: PAM regression (2016-03-17)
Ubuntu: PAM regression (2016-03-16)
Ubuntu: PAM vulnerabilities (2016-03-16)
Red Hat: pam: path traversal issue in pam_timestamp's format_timestamp_name() (2014-03-24)
Debian: CVE-2014-2583: pam - Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_times... (2014)

💬 Community (1)

Bugzilla: CVE-2014-2583 pam: path traversal issue in pam_timestamp's format_timestamp_name() (2014-03-25)