Multiple directory traversal vulnerabilities in pam via a crafted application - CVE-2014-2583ID: oval:org.secpod.oval:def:21822 | Date: (C)2014-12-01 (M)2022-09-09 |
Class: VULNERABILITY | Family: unix |
The host is installed with Linux-PAM (aka pam) 1.1.8 and is prone to multiple directory traversal vulnerabilities. The flaws are present in the application, which fails to properly handle a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function. Successful exploitation allow local users to create arbitrary files or possibly bypass authentication.
Platform: |
Red Hat Enterprise Linux 6 |
Red Hat Enterprise Linux 5 |