VYPR
Unrated severityNVD Advisory· Published Jun 3, 2008· Updated Jun 16, 2026

CVE-2008-2516

CVE-2008-2516

Description

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

Affected products

2
  • cpe:2.3:a:libpam-pgsql:libpam-pgsql:0.6.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:libpam-pgsql:libpam-pgsql:0.6.3:*:*:*:*:*:*:*
    • (no CPE)range: =0.6.3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.