CVE-2008-2516 - Vulnerability Details - OpenCVE

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00058.

Key SSVC decision points have not yet been added.

Vendors	Products
Libpam-pgsql	Libpam-pgsql

Configuration 1 [-]

cpe:2.3:a:libpam-pgsql:libpam-pgsql:0.6.3:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-2511	pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970
http://secunia.com/advisories/30391
http://sourceforge.net/project/shownotes.php?release_id=601775
http://www.securityfocus.com/bid/29360
http://www.securitytracker.com/id?1020111
http://www.vupen.com/english/advisories/2008/1654/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42653

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-03T14:00:00

Updated: 2024-08-07T09:05:29.865Z

Reserved: 2008-06-03T00:00:00

Link: CVE-2008-2516

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-06-03T14:32:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2516

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an \"auth sufficient pam_pgsql.so\" configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30391", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30391"}, {"name": "ADV-2008-1654", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1654/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970"}, {"name": "libpampgsql-pamsm-security-bypass(42653)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42653"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=601775"}, {"name": "1020111", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020111"}, {"name": "29360", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29360"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2516", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an \"auth sufficient pam_pgsql.so\" configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30391", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30391"}, {"name": "ADV-2008-1654", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1654/references"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970"}, {"name": "libpampgsql-pamsm-security-bypass(42653)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42653"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=601775", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=601775"}, {"name": "1020111", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020111"}, {"name": "29360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29360"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:05:29.865Z"}, "title": "CVE Program Container", "references": [{"name": "30391", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30391"}, {"name": "ADV-2008-1654", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1654/references"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970"}, {"name": "libpampgsql-pamsm-security-bypass(42653)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42653"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=601775"}, {"name": "1020111", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020111"}, {"name": "29360", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29360"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2516", "datePublished": "2008-06-03T14:00:00", "dateReserved": "2008-06-03T00:00:00", "dateUpdated": "2024-08-07T09:05:29.865Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libpam-pgsql:libpam-pgsql:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7537CF9B-687D-4522-B7DF-A5B86FA2878F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an \"auth sufficient pam_pgsql.so\" configuration."}, {"lang": "es", "value": "pam_sm_authenticate en pam_pgsql.c de libpam-pgsql 0.6.3 no considera apropiadamente la prioridad de los operadores cuando eval\u00faan el \u00e9xito de una llamada a la funci\u00f3n pam_get_pass, lo cual permite a usuarios locales conseguir privilegios a trav\u00e9s de una se\u00f1al SIGINT cuando esta funci\u00f3n se est\u00e1 ejecutando, tal y como lo demostrado por la secuencia CTRL-C en la introducci\u00f3n de la contase\u00f1a de sudo en una configuraci\u00f3n \"auth sufficient pam_pgsql.so\".\r\n"}], "id": "CVE-2008-2516", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-03T14:32:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30391"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=601775"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29360"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020111"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1654/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=601775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1654/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42653"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}