oss-sec mailing list archives
CVE Request: libpam-sshauth: local root privilege escalation
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 1 May 2016 07:43:04 +0200
Hi Due to a programming error, libpam-sshauth returned PAM_SUCCESS where it should fail with PAM_AUTH_ERR. This was fixed in Debian in the last upload to unstable with the attached patch. Introduced with: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c Fixed by: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114 Could you assign a CVE for this issue? Regards, Salvatore
Attachment:
return-pam-auth-err-with-system-user
Description:
Current thread:
- CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso (Apr 30)
- Re: CVE Request: libpam-sshauth: local root privilege escalation cve-assign (May 01)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso (May 03)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Vagrant Cascadian (May 03)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Scott Balneaves (May 03)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso (May 03)
- Re: CVE Request: libpam-sshauth: local root privilege escalation cve-assign (May 01)