CVE-2001-1147

Summary

CVE	CVE-2001-1147
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2001-10-08 04:00:00 UTC
Updated	2008-09-05 20:25:00 UTC
Description	The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Andries Brouwer	Util-linux	2.10s	All	All	All
Application	Andries Brouwer	Util-linux	2.11f	All	All	All
Application	Andries Brouwer	Util-linux	2.11h	All	All	All
Application	Andries Brouwer	Util-linux	2.11i	All	All	All
Application	Andries Brouwer	Util-linux	2.11k	All	All	All
Application	Andries Brouwer	Util-linux	2.10s	All	All	All
Application	Andries Brouwer	Util-linux	2.11f	All	All	All
Application	Andries Brouwer	Util-linux	2.11h	All	All	All
Application	Andries Brouwer	Util-linux	2.11i	All	All	All
Application	Andries Brouwer	Util-linux	2.11k	All	All	All

References

Reference	Source	Link	Tags
Red Hat Linux PAM Vulnerability	CIAC	www.ciac.org
Util-Linux Login Pam Privilege Elevation Vulnerability	BID	www.securityfocus.com	Patch, Vendor Advisory
ISS X-Force Database:	XF	www.iss.net	Patch, Vendor Advisory
MandrakeSoft Update Advisory MDKSA-2001:084 : util-linux	MANDRAKE	www.linux-mandrake.com
SecurityFocus HOME Mailing List: BugTraq	BUGTRAQ	www.securityfocus.com	Vendor Advisory
Security Announcement	SUSE	www.novell.com
redhat.com \| Red Hat Support	REDHAT	www.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.