Security Advisory

CVE-2014-2583

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-04-10 14:00:00

Last updated 2024-08-06 10:21:35

Assigner mitre

State PUBLISHED

Description

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

← Browse all CVEs View on cve.org ↗