Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
kcheckpass pam_start函数授权问题漏洞
Vulnerability Description
kcheckpass中存在漏洞,该漏洞源于kcheckpass经常在setuid环境中向pam_start函数传递用户提供的论证。本地用户可利用该漏洞调用任意配置PAM栈,可能借助任意有效PAM服务器名称触发无意识的副作用。
CVSS Information
N/A
Vulnerability Type
N/A