Local User Privilege Escalation in Linux-PAM by Red Hat
CVE-2003-0388

Currently unrated

Key Information:

Vendor: Andrew Morgan
Status: Linux Pam
Vendor: CVE Published:; 24 July 2003

🔔 Create Andrew Morgan Vulnerability Alert

What is CVE-2003-0388?

A flaw in the pam_wheel module of Linux-PAM 0.78 allows local users to exploit the system when the trust option is enabled and the use_uid option is disabled. This vulnerability can lead to users spoofing log entries by manipulating the output of the getlogin() function, thereby potentially escalating privileges and gaining unauthorized access to sensitive information.

References

http://www.idefense.com/advisory/06.16.03.txt

x_refsource_MISC

http://marc.info/?l=bugtraq&m=105577915506761&w=2

mailing-listx_refsource_BUGTRAQ

http://www.redhat.com/support/errata/RHSA-2004-304.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2003
Vulnerability Reserved
Jun 9, 2003

CVE-2003-0388 Data

JSON