Pam
by Pam
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-2977 | 0.00 | — | 0.00 | Nov 1, 2005 | The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. | ||
| CVE-2002-1227 | 0.00 | — | 0.01 | Oct 28, 2002 | PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. | ||
| CVE-1999-0342 | 0.00 | — | 0.00 | Dec 1, 1998 | Linux PAM modules allow local users to gain root access using temporary files. |
- CVE-2005-2977Nov 1, 2005risk 0.00cvss —epss 0.00
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
- CVE-2002-1227Oct 28, 2002risk 0.00cvss —epss 0.01
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
- CVE-1999-0342Dec 1, 1998risk 0.00cvss —epss 0.00
Linux PAM modules allow local users to gain root access using temporary files.