Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Linux-PAM pam_timestamp模块目录遍历漏洞
Vulnerability Description
Linux-PAM(又名PAM)是一种用于Linux平台中的认证机制,它通过提供一些动态链接库和一套统一的API,使系统管理员可以自由选择应用程序使用的验证机制。pam_timestamp是其中的一个身份验证缓存模块。 Linux-PAM 1.1.8版本的pam_timestamp模块中的pam_timestamp.c文件存在目录遍历漏洞,该漏洞源于‘get_ruser’函数没有充分过滤PAM_RUSER值,‘check_tty’函数没有充分过滤PAM_TTY值。本地攻击者可借助目录遍历字符‘..’利用该
CVSS Information
N/A
Vulnerability Type
N/A