Directory Traversal Vulnerabilities in Linux-PAM's pam_timestamp Module
CVE-2014-2583

Currently unrated

Key Information:

Vendor: Linux-pam

Status
Vendor
CVE Published: 10 April 2014

What is CVE-2014-2583?

Multiple directory traversal vulnerabilities exist in the pam_timestamp module of Linux-PAM version 1.1.8, allowing local users to create arbitrary files or potentially bypass authentication. The flaws are reached by manipulating two PAM values, PAM_RUSER and PAM_TTY, which are handled by the internal functions get_ruser and check_tty respectively. By placing '../' sequences in these values, an attacker may gain unauthorized access to system resources.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
