Oval Definition:	oval:org.mitre.oval:def:10193
Revision Date: 2013-04-29 Version: 11 Title: The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. Description: The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2005-2977 Platform(s): CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 4 Product(s): Definition Synopsis RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 OR CentOS Linux 4.x OR Oracle Linux 4.x AND Configuration section pam-devel is earlier than 0:0.77-66.13 OR pam is earlier than 0:0.77-66.13
BACK