Multiple Linux Vendor pam_console Vulnerability

BID:1176

Info

Multiple Linux Vendor pam_console Vulnerability

Bugtraq ID: 1176
Class: Access Validation Error
CVE:
Remote: No
Local: Yes
Published: May 03 2000 12:00AM
Updated: May 03 2000 12:00AM
Credit: This vulnerability was posted to the Bugtraq mailing list on May 2, 2000 by Michal Zalewski <[email protected]>
Vulnerable: Redhat Linux 6.2 sparc
Redhat Linux 6.2 i386
Redhat Linux 6.2 alpha
Redhat Linux 6.1 sparc
Redhat Linux 6.1 i386
Redhat Linux 6.1 alpha
Redhat Linux 6.0 sparc
Redhat Linux 6.0 alpha
Redhat Linux 6.0
Not Vulnerable:

Discussion

Multiple Linux Vendor pam_console Vulnerability

A vulnerability exists in the pam_console PAM module, included as part of any Linux system running PAM. pam_console exists to own certain devices to users logging in to the console of a Linux machine. It is designed to allow only console users to utilize things such as sound devices. It will chown devices to users upon logging in, and chown them back to being owned by root upon logout. However, as certain devices do not have a 'hangup' mechanism, like a tty device, it is possible for a local user to continue to monitor activity on certain devices after logging out. This could allow an malicious user to sniff other users console sessions, and potentially obtain the root password if the root user logs in, or a user su's to root. They could also surreptitiously execute commands as the user on the console.

Exploit / POC

Multiple Linux Vendor pam_console Vulnerability

Exploit available:

Solution / Fix

Multiple Linux Vendor pam_console Vulnerability

References

Multiple Linux Vendor pam_console Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report