Main Vulnerability Database Vulnerabilities #VU41841

#VU41841 Path traversal in linux-pam - CVE-2014-2583

Published: April 10, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41841

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-2583

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
linux-pam

Software vendor:
git.kernel.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

Remediation

Install update from vendor's website.

#VU41841 Path traversal in linux-pam - CVE-2014-2583

Description

Remediation

External links

Please verify you're human