Security Flaw in Linux-PAM 0.99.7.0 Affects User Authentication
CVE-2007-0003

Currently unrated

Key Information:

Vendor: Andrew Morgan
Status: Linux Pam
Vendor: CVE Published:; 23 January 2007

🔔 Create Andrew Morgan Vulnerability Alert

What is CVE-2007-0003?

The Linux-PAM 0.99.7.0 contains a security flaw in the pam_unix.so module that enables context-dependent attackers to gain unauthorized access. This vulnerability specifically arises when users have passwords with only two characters stored in /etc/passwd or /etc/shadow. Attackers can exploit this flaw to bypass standard authentication mechanisms, compromising user accounts and potentially leading to unauthorized access to sensitive information.

References

http://osvdb.org/32017

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/31739

vdb-entryx_refsource_XF

http://www.novell.com/linux/security/advisories/2007_3_sr...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2007
Vulnerability Reserved
Dec 19, 2006

CVE-2007-0003 Data

JSON