Vulnerability Description
pam_per_user before 0.4 does not verify whether the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to log in as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mark D. Roth | Pam Per User | 0.1 |
References
- http://marc.info/?l=bugtraq&m=112654636915661&w=2
- http://secunia.com/advisories/16781/ (Patch, Vendor Advisory)
- http://securityreason.com/securityalert/2
- http://www.securityfocus.com/bid/14813 (Patch)
FAQ
What is CVE-2005-2949?
CVE-2005-2949 is a vulnerability with a CVSS score of 7.5 (HIGH). pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other use...
How severe is CVE-2005-2949?
CVE-2005-2949 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2949?
Check the references section above for vendor advisories and patch information. Affected products include: Mark D. Roth Pam Per User.