
CVE-2013-7041

Published: 08/05/2014 Updated: 03/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for malicious users to guess the password via a brute force attack.

Vulnerable Product

cristian gafton pam userdb -

Vendor Advisories

Debian Bug report logs - #757555 pam: CVE-2014-2583 pam_timestamp directory traversal issues. Package: src:pam; Maintainer for src:pam is Steve Langasek <vorlon@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Sat, 9 Aug 2014 10:21:02 UTC; Severity: important; Tags: patch, security; Found in versio ...
Debian Bug report logs - #731368 pam_userdb: CVE-2013-7041: Password hashes must be compared case-sensitively. Package: libpam-modules; Maintainer for libpam-modules is Steve Langasek <vorlon@debian.org>; Source for libpam-modules is src:pam; Reported by: Kim Vandry <vandry@TZoNE.ORG>; Date: Wed, ...
USN-2935-1 introduced a regression in PAM ...
Several security issues were fixed in PAM ...
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_ti ...
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack ...