ID CVE-2007-0003
Summary pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
References
Vulnerable Configurations
  • cpe:2.3:o:andrew_morgan:linux_pam:0.99.7.0
CVSS
Base: 7.2 (as of 23-01-2007 - 16:53)
Impact:
Exploitability:
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
NASL family SuSE Local Security Checks
NASL id SUSE_PAM-2601.NASL
description A bug in pam_unix module allowed users under certain circumstances to log in although their account was locked. pam_unix is not used on openSUSE by default though (CVE-2007-0003).
last seen 2019-02-21
modified 2018-07-19
plugin id 27380
published 2007-10-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=27380
title openSUSE 10 Security Update : pam (pam-2601)
refmap via4
bid 22204
mlist
  • [fedora-devel-list] 20070122 Re: rawhide report: 20070120 changes
  • [pam-list] 20070123 Linux-PAM 0.99.7.1 released
osvdb 32017
secunia 23858
suse SUSE-SR:2007:003
vupen ADV-2007-0323
xf linuxpam-pamunix-security-bypass(31739)
statements via4
contributor Mark J Cox
lastmodified 2007-01-24
organization Red Hat
statement Not vulnerable. These issues did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 07-03-2011 - 21:48
Published 23-01-2007 - 16:28
Last modified 28-07-2017 - 21:29