Debian Pam vulnerabilities

CVE-2010-4708 [HIGH] CVE-2010-4708: pam - The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_envir... The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check. Scope: local bookworm: resolved (fixed in 1.1.3-7.1) bullseye: resolved (fixed in 1.1.3-7.1) forky: resolved (fixed

CVE-2010-3316 [LOW] CVE-2010-3316: pam - The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (... The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. Scope: local bookworm: resolved (fixed in 1.1.2-1) bullseye: resolved (f

CVE-2010-0832 [MEDIUM] CVE-2010-0832: pam - pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM ... pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. Scope: local bookworm: res

CVE-2010-3431 [LOW] CVE-2010-3431: pam - The privilege-dropping implementation in the (1) pam_env and (2) pam_mail module... The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vuln

CVE-2010-3853 [MEDIUM] CVE-2010-3853: pam - pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 ... pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. Scope: local bookworm: reso

CVE-2009-3232 [CRITICAL] CVE-2009-3232: pam - pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, d... pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication. Scope: local bookworm: resolved (fixed in 1.0.1-10) bullseye: resolved (fixed in 1.

CVE-2009-0579 [MEDIUM] CVE-2009-0579: pam - Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as sp... Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. Scope: local bookworm: resolved (fixed in 1.0.1-10) bullseye: resolved (fixed in 1.0.1-10) forky: resolved (fixed in 1.0.1-10) sid: resolved (fixed in 1.0.1-1

CVE-2009-0887 [MEDIUM] CVE-2009-0887: pam - Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Lin... Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt. Scope: loc

CVE-2007-0003 [HIGH] CVE-2007-0003: pam - pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into... pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2005-2977 [LOW] CVE-2005-2977: pam - The SELinux version of PAM before 0.78 r3 allows local users to perform brute fo... The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. Scope: local bookworm: resolved (fixed in 0.99.7.1-2) bullseye: resolved (fixed in 0.99.7.1-2) forky: resolved (fixed in 0.99.7.1-2) sid: resolved (fixed in 0.99.7.1-2) trixie: resolved (fix

CVE-2003-0388 [MEDIUM] CVE-2003-0388: pam - pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid optio... pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2002-1227 [HIGH] CVE-2002-1227: pam - PAM 0.76 treats a disabled password as if it were an empty (null) password, whic... PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. Scope: local bookworm: resolved (fixed in 0.76-6) bullseye: resolved (fixed in 0.76-6) forky: resolved (fixed in 0.76-6) sid: resolved (fixed in 0.76-6) trixie: resolved (fixed in 0.76-6)