Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2014-2583
HistoryApr 10, 2014 - 12:00 a.m.

CVE-2014-2583

2014-04-1000:00:00
ubuntu.com
ubuntu.com
17

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.003

Percentile

71.7%

JSON

Multiple directory traversal vulnerabilities in pam_timestamp.c in the
pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to
create arbitrary files or possibly bypass authentication via a โ€ฆ (dot dot)
in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value
to the check_tty function, which is used by the format_timestamp_name
function.

Notes

Author Note
jdstrand Ubuntu does not use pam_timestamp.so by default
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchpam<ย 1.1.3-7ubuntu2.1UNKNOWN
ubuntu14.04noarchpam<ย 1.1.8-1ubuntu2.1UNKNOWN

Related

nessus 10
nvd 1
prion 1
cve 1
debiancve 1
openvas 7
seebug 1
cvelist 1
amazon 1
mageia 1
fedora 1
ubuntu 3
cloudfoundry 1
gentoo 1
osv 1
nessus
nessus
SuSE 11.3 Security Update : pam (SAT Patch Number 9119)
2014-05-13 00:00:00
RHEL 6 : pam (Unpatched Vulnerability)
2024-06-03 00:00:00
Amazon Linux AMI : pam (ALAS-2014-354)
2014-10-12 00:00:00
nvd
nvd
CVE-2014-2583
2014-04-10 20:29:20
prion
prion
Directory traversal
2014-04-10 20:29:00
cve
cve
CVE-2014-2583
2014-04-10 20:29:20
debiancve
debiancve
CVE-2014-2583
2014-04-10 20:29:20
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:0631-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2015-0213)
2022-01-28 00:00:00
Fedora Update for pam FEDORA-2014-16350
2014-12-19 00:00:00
seebug
seebug
Linux-PAM &quot;pam_timestamp&quot;ๆจกๅ—็›ฎๅฝ•้ๅŽ†ๆผๆดž
2014-04-10 00:00:00
cvelist
cvelist
CVE-2014-2583
2014-04-10 14:00:00
amazon
amazon
Medium: pam
2014-06-15 16:18:00
mageia
mageia
Updated pam packages fix security vulnerabilities
2015-05-12 22:37:48
fedora
fedora
[SECURITY] Fedora 20 Update: pam-1.1.8-2.fc20
2014-12-18 06:07:52
ubuntu
ubuntu
PAM regression
2016-03-16 00:00:00
PAM vulnerabilities
2016-03-16 00:00:00
PAM regression
2016-03-17 00:00:00
cloudfoundry
cloudfoundry
USN-2935-2 PAM regression | Cloud Foundry
2016-05-06 00:00:00
gentoo
gentoo
Linux-PAM: Multiple vulnerabilities
2016-05-31 00:00:00
osv
osv
pam-1.3.0-3.4 on GA media
2024-06-15 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.003

Percentile

71.7%

JSON
Related for UB:CVE-2014-2583
nessus10nvd1prion1cve1debiancve1openvas7seebug1cvelist1amazon1mageia1fedora1ubuntu3cloudfoundry1gentoo1osv1