Linux-PAM Configuration File Non-ASCII User Name Handling Local Privilege Escalation Vulnerability

Linux-PAM Configuration File Non-ASCII User Name Handling Local Privilege Escalation Vulnerability

Linux-PAM is prone to a vulnerability related to the parsing of user names containing non-ASCII characters from PAM configuration files. Specifically, this issue is caused by an error in the '_pam_StrTok()' function, which may strip a single trailing non-ASCII character from user names before returning them as 'arg3'.

Note that root access is required to modify the affected configuration files.

A local attacker may exploit this issue to authenticate as additional users. The attacker may be able to create a denial-of-service condition or possibly to execute arbitrary code as the affected process, but this has not been confirmed.

Versions prior to Linux-PAM 1.0.4 are vulnerable.