Unrated severityNVD Advisory· Published Jun 3, 2008· Updated Jun 16, 2026
CVE-2008-2516
CVE-2008-2516
Description
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.
Affected products
2cpe:2.3:a:libpam-pgsql:libpam-pgsql:0.6.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:libpam-pgsql:libpam-pgsql:0.6.3:*:*:*:*:*:*:*
- (no CPE)range: =0.6.3
Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.