Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2005-2977

Published: 01/11/2005 Updated: 11/10/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Pam

Vulnerability Summary

The SELinux version of PAM prior to 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Vulnerable Product Search on Vulmon Subscribe to Product

pam pam

Vendor Advisories

Red Hat: pam security update
Synopsis pam security update Type/Severity Security Advisory: Low Topic An updated pam package that fixes a security weakness is now available forRed Hat Enterprise Linux 4This update has been rated as having low security impact by the Red HatSecurity Response Team Description PAM (Plugga ...
Debian CVElist Bug Report Logs: CVE-2005-2977: Vulnerable to brute forcing attacks when using SELinux
Debian Bug report logs - #336344 CVE-2005-2977: Vulnerable to brute forcing attacks when using SELinux Package: pam; Maintainer for pam is Steve Langasek <vorlon@debianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Sat, 29 Oct 2005 15:48:02 UTC Severity: important Tags: etch, security Fixed in version ...

References

NVD-CWE-Otherhttp://www.gentoo.org/security/en/glsa/glsa-200510-22.xmlhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6&view=markuphttp://secunia.com/advisories/17365http://securitytracker.com/id?1015111http://www.securityfocus.com/bid/15217http://www.redhat.com/support/errata/RHSA-2005-805.htmlhttp://secunia.com/advisories/17346http://secunia.com/advisories/17350http://secunia.com/advisories/17352http://www.vupen.com/english/advisories/2005/2227https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193https://access.redhat.com/errata/RHSA-2005:805https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook