pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-09-16T04:00:00

Updated: 2024-08-07T22:53:30.215Z

Reserved: 2005-09-16T00:00:00

Link: CVE-2005-2949

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-09-16T22:03:00.000

Modified: 2024-11-21T00:00:46.750

Link: CVE-2005-2949

cve-icon Redhat

No data.