vendor:
Linux-Pam
by:
SecurityFocus
7.2
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Linux-Pam
Affected Version From: Linux-Pam 0.75
Affected Version To: Linux-Pam 0.75
Patch Exists: YES
Related CWE: CVE-2002-0417
CPE: a:linux-pam:linux-pam:0.75
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002
Linux-Pam pam_wheel Module Authentication Vulnerability
A vulnerability has been discovered in the Linux-Pam pam_wheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow wheel group members to use the 'su' utility without supplying credentials and is not configured to verify the user's UID, it may be possible for a local attacker to elevated privileges. This can be accomplished by spoofing the users login named, returned by the getlogin() function, to that of a logged in user of the wheel group. Successful exploitation of this condition could ultimately result in an attacker gaining local root access on the target system.
Mitigation:
Ensure that the pam_wheel module is configured to verify the user's UID and that the 'su' utility is not configured to allow wheel group members to use it without supplying credentials.
