Back to search
CVE-2008-1946
Published: Jul 28, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:10029
vdb-entry
signature
x_refsource_OVAL
coreutils-pamsucceedif-security-bypass(43993)
vdb-entry
x_refsource_XF
RHSA-2008:0780
vendor-advisory
x_refsource_REDHAT
1020552
vdb-entry
x_refsource_SECTRACK
30363
vdb-entry
x_refsource_BID
31225
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now