Vulnerability Description
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
CVSS Score
3.4
LOW
AV:L/AC:H/Au:M/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 4.4 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://osvdb.org/37271
- http://secunia.com/advisories/25631
- http://secunia.com/advisories/25894
- http://secunia.com/advisories/26909
- http://secunia.com/advisories/27590
- http://secunia.com/advisories/27706
- http://secunia.com/advisories/28319
- http://security.gentoo.org/glsa/glsa-200711-23.xml
- http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm
- http://www.redhat.com/support/errata/RHSA-2007-0465.html
- http://www.redhat.com/support/errata/RHSA-2007-0555.html
- http://www.redhat.com/support/errata/RHSA-2007-0737.html
- http://www.vupen.com/english/advisories/2007/3229
FAQ
What is CVE-2007-1716?
CVE-2007-1716 is a vulnerability with a CVSS score of 3.4 (LOW). pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privilege...
How severe is CVE-2007-1716?
CVE-2007-1716 has been rated LOW with a CVSS base score of 3.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1716?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux.