CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2010-3316 – pam: pam_xauth missing return value checks from setuid() and similar calls
https://notcve.org/view.php?id=CVE-2010-3316
24 Jan 2011 — The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. La función run_coprocess en pam_xauth.c en el módulo pam_xauth de Linux-PAM (también conocido por PAM)en la versiones anteriores a v1.1.2 no comprueba los valores de retorno de la setuid, setgid, y pide setgro... • http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6 •
CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 0CVE-2009-0579
https://notcve.org/view.php?id=CVE-2009-0579
16 Apr 2009 — Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. Linux-PAM antes de v1.0.4 no aplica la edad mínima de la contraseña (MINDAYS), tal como se especifica en /etc/shadow, lo que permite a usuarios locales eludir la política de seguridad y cambiar sus contraseñas antes de lo especificado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 0%CPEs: 20EXPL: 1CVE-2009-0887
https://notcve.org/view.php?id=CVE-2009-0887
12 Mar 2009 — Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt. Error de presencia de signo en entero en la función the_pam_StrTok en Linux-PAM (alias pam) 1.0.3 y anteriores, cuando un fichero de configuración con... • http://openwall.com/lists/oss-security/2009/03/05/1 • CWE-189: Numeric Errors •