Linux-PAM Pam_Unix.SO Authentication Bypass Vulnerability

Bugtraq ID:	22204
Class:	Design Error
CVE:	CVE-2007-0003
Remote:	Yes
Local:	Yes
Published:	Jan 24 2007 12:00AM
Updated:	Feb 20 2007 10:16PM
Credit:	Bernardo Innocenti discovered this issue.
Vulnerable:	SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SuSE Linux 9.3 SuSE Linux 9.2 SuSE Linux 9.1 SuSE Linux 10.1 SuSE Linux 10.0 Linux-PAM Linux-PAM 0.99.7 .0
Not Vulnerable:	Linux-PAM Linux-PAM 0.99.7 .1

Linux-PAM Pam_Unix.SO Authentication Bypass Vulnerability

Linux-PAM is prone to an authentication-bypass vulnerability because it fails to effectively verify user passwords during the authentication process.

Exploiting this issue could allow an attacker to gain unauthorized access to an affected computer.

Version 0.99.7.0 is vulnerable.

Linux-PAM Pam_Unix.SO Authentication Bypass Vulnerability

An attacker can exploit this issue by logging into a vulnerable account using arbitrary data for the supplied password.

Linux-PAM Pam_Unix.SO Authentication Bypass Vulnerability

Solution:
Version 0.99.7.1 has been released to address this issue. Please see the references for more information.


Linux-PAM Linux-PAM 0.99.7 .0

• Linux-PAM Linux-PAM-0.99.7.1.tar.gz
  http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.99.7. 1.tar.gz

Linux-PAM Pam_Unix.SO Authentication Bypass Vulnerability

References:

• Linux-PAM 0.99.7.1 released (Redhat)
  
• Linux-PAM Home Page (Linux-PAM)