GNU Coreutils 'pam_succeed_if' PAM Local Authentication Bypass Vulnerability

Bugtraq ID: 30363
Class: Design Error
CVE: CVE-2008-1946
Remote: No
Local: Yes
Published: Jul 24 2008 12:00AM
Updated: Aug 29 2008 07:54PM
Credit: Josh Bressers
Vulnerable: Redhat Enterprise Linux WS 4
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux Desktop version 4
GNU Coreutils 5.2.1
GNU Coreutils 5.2
GNU Coreutils 5.1.3
GNU Coreutils 5.1.2
GNU Coreutils 5.1.1
GNU Coreutils 5.1
GNU Coreutils 5.0.91
GNU Coreutils 5.0.90
GNU Coreutils 5.0.1
GNU Coreutils 5.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.2
GNU Coreutils 4.5.12
GNU Coreutils 4.5.11
GNU Coreutils 4.5.10
GNU Coreutils 4.5.9
GNU Coreutils 4.5.8
GNU Coreutils 4.5.7
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.1
GNU Coreutils 4.5.6
GNU Coreutils 4.5.5
GNU Coreutils 4.5.4
GNU Coreutils 4.5.3
+ Redhat Linux 9.0 i386
GNU Coreutils 4.5.2
GNU Coreutils 4.5.2
GNU Coreutils 4.5.1
Avaya Voice Portal 3.0
Avaya Proactive Contact 0
Avaya Messaging Storage Server 3.1
Avaya Message Networking
Avaya Meeting Exchange - Enterprise Edition
Avaya Intuity AUDIX LX 2.0
Avaya EMMC 0
Avaya Aura SIP Enablement Services 3.1
Avaya Aura Application Enablement Services 3.0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus