Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kernel Linux-PAM pam_xauth模块pam_xauth.c文件程序读取任意文件漏洞
Vulnerability Description
Linux-PAM(又名PAM)是一种用于Linux平台中的认证机制,它通过提供一些动态链接库和一套统一的API,使系统管理员可以自由选择应用程序使用的验证机制。 Linux-PAM(又名pam)1.1.2之前版本中的pam_xauth模块中的pam_xauth.c文件的run_coprocess函数没有检查setuid,setgid和setgroups系统调用的返回值。本地用户可以通过执行依靠pam_xauth PAM检查的程序读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A