Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-2516

Опубликовано: 03 июн. 2008
Источник: nvd
CVSS2: 4.6
EPSS Низкий

Описание

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:libpam-pgsql:libpam-pgsql:0.6.3:*:*:*:*:*:*:*

EPSS

Процентиль: 18%
0.00058
Низкий

4.6 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2008-2516

ubuntu
больше 17 лет назад

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

debian логотип

CVE-2008-2516

debian
больше 17 лет назад

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not prop ...

github логотип

GHSA-f5j9-mgc7-gfx4

github
больше 3 лет назад

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

EPSS

Процентиль: 18%
0.00058
Низкий

4.6 Medium

CVSS2

Дефекты

CWE-287