Download
| Alert*
oval:org.secpod.oval:def:21822
The host is installed with Linux-PAM (aka pam) 1.1.8 and is prone to multiple directory traversal vulnerabilities. The flaws are present in the application, which fails to properly handle a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty functi ... oval:org.secpod.oval:def:33563 pam: Pluggable Authentication Modules Several security issues were fixed in PAM. oval:org.secpod.oval:def:1600197 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. in the PAM_RUSER value to the get_ruser function or PAM_TTY value to the check_tty funtion, whic ... oval:org.secpod.oval:def:108103 PAM is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. oval:org.secpod.oval:def:52170 pam: Pluggable Authentication Modules Several security issues were fixed in PAM. |