
CVE-2014-2583

Published: 10/04/2014 Updated: 03/01/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

Vulnerable Product

linux-pam linux-pam 1.1.8

Vendor Advisories

Debian Bug report logs - #757555 pam: CVE-2014-2583 pam_timestamp directory traversal issues Package: src:pam; Maintainer for src:pam is Steve Langasek <vorlon@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org> Date: Sat, 9 Aug 2014 10:21:02 UTC Severity: important Tags: patch, security Found in versio ...
Debian Bug report logs - #731368 pam_userdb: CVE-2013-7041: Password hashes must be compared case-sensitively Package: libpam-modules; Maintainer for libpam-modules is Steve Langasek <vorlon@debian.org>; Source for libpam-modules is src:pam (PTS, buildd, popcon) Reported by: Kim Vandry <vandry@TZoNE.ORG> Date: Wed, ...
USN-2935-1 introduced a regression in PAM ...
Several security issues were fixed in PAM ...
USN-2935-1 introduced a regression in PAM ...
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_ti ...