CVE-2008-2516

Current Description

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

Basic Data

PublishedJune 03, 2008
Last ModifiedAugust 08, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-287
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.6
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLibpam-pgsqlLibpam-pgsql0.6.3*******

Vulnerable Software List

VendorProductVersions
Libpam-pgsql Libpam-pgsql 0.6.3

References

NameSourceURLTags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970CONFIRM
30391http://secunia.com/advisories/30391SECUNIAVendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=601775http://sourceforge.net/project/shownotes.php?release_id=601775CONFIRM
29360http://www.securityfocus.com/bid/29360BID
1020111http://www.securitytracker.com/id?1020111SECTRACK
ADV-2008-1654http://www.vupen.com/english/advisories/2008/1654/referencesVUPEN
libpampgsql-pamsm-security-bypass(42653)https://exchange.xforce.ibmcloud.com/vulnerabilities/42653XF