Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mark D. Roth PAM_Per_User认证绕过漏洞
Vulnerability Description
pam_per_user模块允许基于每个用户调用不同的认证机制。 pam_per_user模块在处理用户名缓存的机制上存在漏洞,远程攻击者可能利用此漏洞绕过认证。pam_per_user模块在工作时会使用外部映射文件,将任意用户映射到认证该用户的备选PAM服务名称上。然后模块会使用该服务名称创建新的PAM "subrequest"处理,并使用该PAM处理认证用户。pam_per_user在调用之间会缓存PAM "subrequest"处理。通常情况下调用之间用户名并不改变,因此这种方式可以很好地工作。但是
CVSS Information
N/A
Vulnerability Type
N/A