ID CVE-2007-1716
Summary pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:4.4:*:*:*:*:*:*:*
CVSS
Base: 3.4 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector Complexity Authentication
LOCAL HIGH MULTIPLE
Impact
Confidentiality Integrity Availability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:H/Au:M/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:14:21.777-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
family unix
id oval:org.mitre.oval:def:11483
status accepted
submitted 2010-07-09T03:56:16-04:00
title pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
version 31
redhat via4
advisories
  • rhsa
    id RHSA-2007:0465
  • rhsa
    id RHSA-2007:0555
  • rhsa
    id RHSA-2007:0737
rpms
  • cdrecord-8:2.01.0.a32-0.EL3.6
  • cdrecord-devel-8:2.01.0.a32-0.EL3.6
  • cdrtools-debuginfo-8:2.01.0.a32-0.EL3.6
  • mkisofs-8:2.01.0.a32-0.EL3.6
  • pam-0:0.75-72
  • pam-debuginfo-0:0.75-72
  • pam-devel-0:0.75-72
  • pam-0:0.99.6.2-3.26.el5
  • pam-debuginfo-0:0.99.6.2-3.26.el5
  • pam-devel-0:0.99.6.2-3.26.el5
  • pam-0:0.77-66.23
  • pam-debuginfo-0:0.77-66.23
  • pam-devel-0:0.77-66.23
refmap via4
confirm
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo GLSA-200711-23
osvdb 37271
secunia
  • 25631
  • 25894
  • 26909
  • 27590
  • 27706
  • 28319
sgi 20070602-01-P
vupen ADV-2007-3229
statements via4
contributor Joshua Bressers
lastmodified 2007-04-09
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 11-10-2017 - 01:31
Published 27-03-2007 - 22:19
Last modified 11-10-2017 - 01:31