Searching pam based software vulnerabilities

Linuxconf on Red Hat Linux 6.0 and earlier does

PAM-based | Linuxconf | properly | shutdown | disable | command | service | earlier | denial | access | local | allow | cause | users | could | Linux | which | does | Red | Hat | not |

Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.


Buffer overflow in pam_smb and pam_ntdom plugga

authentication | pam_ntdom | pluggable | overflow | modules | pam_smb | Buffer |

Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name.


qpopper 4.01 with PAM based authentication on R

qpopper |

qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.


The default PAM files included with passwd in M

passwords | security | Mandrake | included | password | intended | support | default | result | passwd | level | lower | could | Linux | files | which | than | PAM | not | MD5 |

The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.


Buffer overflow in axspawn.c in Axspawn-pam bef

Axspawn-pam | attackers | arbitrary | overflow | axspawnc | execute | packets | remote | before | Buffer | allows | large | 021a | code | via |

Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets.


pam_wheel in Linux-PAM 0.78, with the trust opt

Linux-PAM | pam_wheel |

pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.


Buffer overflow in PAM SMB module (pam_smb) 1.1

overflow | module | Buffer | SMB | PAM |

Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.


KDM in KDE 3.1.3 and earlier does not verify wh

KDE | KDM |

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.


The PAM conversation function in OpenSSH 3.7.1

conversation | function | OpenSSH | PAM |

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.


Multiple stack-based buffer overflows in the IC

stack-based | overflows | Protocol | routines | Multiple | Analysis | parsing | buffer | Module | ISS | ICQ |

Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.


passwd 0.68 does not check the return code for

passwd |

passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.


Stack-based buffer overflow in the get_internal

get_internal_addresses | application | Stack-based | Openswan | function | overflow | before | buffer | pluto |

Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.


authpam.c in courier-authdaemon for Courier Mai

courier-authdaemon | authpamc | Courier | Server | Mail |

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.


hfaxd in HylaFAX 4.2.3, when PAM support is dis

HylaFAX | hfaxd |

hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.


Double-free vulnerability in the authentication

authentication | vulnerability | Double-free | alteration | PAM-MySQL | before | token | code | 06x |

Double-free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double-free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.


Stack-based buffer overflow in the pam_micasa P

authentication | Stack-based | unspecified | Enterprise | pam_micasa | attackers | arbitrary | overflow | Desktop | vectors | execute | remote | allows | Server | buffer | module | Novell | Linux | code | CASA | Open | PAM | via |

Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.


Pedro Lineu Orso chetcpasswd 2.4.1 and earlier

chetcpasswd | Lineu | Pedro | Orso |

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.


login in util-linux-2.12a skips pam_acct_mgmt a

util-linux-212a | authentication | pam_acct_mgmt | established | chauth_tok | enforced | intended | policies | Kerberos | skipped | session | krlogin | access | bypass | skips | would | login | users | which | might | allow | such | been | has |

login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.


pam_unix.so in Linux-PAM 0.99.7.0 allows contex

pam_unixso | Linux-PAM |

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.


The auth_via_key function in pam_ssh.c in pam_s

auth_via_key | pam_sshc | function | pam_ssh | before |

The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.


Software vulnerabilities results 1 to 20 of 1133     
Page: 12345...57