Rapid7 Vulnerability & Exploit Database

ELSA-2007-0465 Moderate: Enterprise Linux pam security and bug fix update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2007-0465 Moderate: Enterprise Linux pam security and bug fix update

Severity

CVSS

(AV:L/AC:H/Au:M/C:P/I:P/A:P)

Published

12/31/2004

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.

Solution(s)

oracle-linux-upgrade-cdrecord
oracle-linux-upgrade-cdrecord-devel
oracle-linux-upgrade-mkisofs
oracle-linux-upgrade-pam
oracle-linux-upgrade-pam-devel

References

https://attackerkb.com/topics/cve-2004-0813
25749
CVE - 2004-0813
CVE - 2007-1716
OVAL10011
OVAL11483
RHSA-2007:0465
RHSA-2007:0555
RHSA-2007:0737
20070602-01-P
http://oss.oracle.com/pipermail/el-errata/2007-June/000181.html
17505

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;