Published: 24/07/2003 Updated: 18/10/2016

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
andrew morgan linux pam

Synopsis pam security update Type/Severity Security Advisory: Low Topic Updated pam packages that fix a security vulnerability are now availablefor Red Hat Enterprise Linux 21 Description PAM (Pluggable Authentication Modules) is a system security tool thatallows system administrators to ...

source: wwwsecurityfocuscom/bid/7929/info A vulnerability has been discovered in the Linux-Pam pam_wheel module The problem exists in the way the module authenticates users under certain configurations Specifically, if the module is configured to allow wheel group members to use the 'su' utility without supplying credentials and is not ...

NVD-CWE-Other http://www.idefense.com/advisory/06.16.03.txt http://www.redhat.com/support/errata/RHSA-2004-304.html http://marc.info/?l=bugtraq&m=105577915506761&w=2 https://access.redhat.com/errata/RHSA-2004:304 https://nvd.nist.gov https://www.exploit-db.com/exploits/22781/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0388

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect