NVD

Id
2424  
Name
CVE-2008-2516  
Description
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.  
Reject
 
CVSS Version
2  
CVSS Score
4.6  
Severity
Medium  
CVSS Base Score
4.6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-06-03  
Modified Date
2011-03-07  
Seq
2008-2516  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
15429 2424 CVE-2008-2516 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970  View
15430 2424 CVE-2008-2516 http://sourceforge.net/project/shownotes.php?release_id=601775  View
15431 2424 CVE-2008-2516 29360  View
15432 2424 CVE-2008-2516 1020111  View
15433 2424 CVE-2008-2516 ADV-2008-1654  View
15434 2424 CVE-2008-2516 libpampgsql-pamsm-security-bypass(42653)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
49185 JVNDB-2008-004495 libpam-pgsql の pam_pgsql.c の pam_sm_authenticate における権限を取得される脆弱性 libpam-pgsql の pam_pgsql.c の pam_sm_authenticate は、pam_get_pass 関数呼び出しの成功を確認する際、演算子の優先順位を適切に考慮しないため、権限を取得される脆弱性が存在します。 CVE-2008-2516 32629 CVE-2008-2516 2424 4.6 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004495.html 2008-06-03 2012-09-25 View