The PAM implementation in /bin/login of the util-linux package prior to 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
andries brouwer util-linux 2.11f |
||
andries brouwer util-linux 2.11i |
||
andries brouwer util-linux 2.11k |
||
andries brouwer util-linux 2.10s |
||
andries brouwer util-linux 2.11h |