3.4 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:M/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.2%
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
CPE | Name | Operator | Version |
---|---|---|---|
redhat:enterprise_linux | redhat enterprise linux | eq | 4.4 |
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
osvdb.org/37271
secunia.com/advisories/25631
secunia.com/advisories/25894
secunia.com/advisories/26909
secunia.com/advisories/27590
secunia.com/advisories/27706
secunia.com/advisories/28319
security.gentoo.org/glsa/glsa-200711-23.xml
support.avaya.com/elmodocs2/security/ASA-2007-526.htm
www.redhat.com/support/errata/RHSA-2007-0465.html
www.redhat.com/support/errata/RHSA-2007-0555.html
www.redhat.com/support/errata/RHSA-2007-0737.html
www.vupen.com/english/advisories/2007/3229
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483