Vulnerability Name:

CVE-2000-0668 (CCN-5001)

Assigned:2000-07-27
Published:2000-07-27
Updated:2017-10-10
Summary:pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: UNKNOWN
20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM

Source: BUGTRAQ
Type: UNKNOWN
20000801 MDKSA-2000:029 pam update

Source: MITRE
Type: CNA
CVE-2000-0668

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:112
pam: Remote users being treated as local ones

Source: CCN
Type: RHSA-2000:044-02
Updated PAM packages are available

Source: CCN
Type: OSVDB ID: 1478
Linux pam_console XDMCP Remote Reboot

Source: REDHAT
Type: UNKNOWN
RHSA-2000:044

Source: BID
Type: Exploit, Patch, Vendor Advisory
1513

Source: CCN
Type: BID-1513
Multiple Linux Vendor pam_console Remote User Vulnerability

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2000:029
pam

Source: XF
Type: UNKNOWN
linux-pam-console(5001)

Source: XF
Type: UNKNOWN
linux-pam-console(5001)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:michael_k._johnson:pam_console:0.66:*:*:*:*:*:*:*
  • OR cpe:/a:michael_k._johnson:pam_console:0.72_unpatched:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0es:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:redhat:linux:6.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    michael_k._johnson pam console 0.66
    michael_k._johnson pam console 0.72_unpatched
    conectiva linux 4.0
    conectiva linux 4.0es
    conectiva linux 4.1
    conectiva linux 4.2
    conectiva linux 5.0
    conectiva linux 5.1
    redhat linux 6.0
    redhat linux 6.0
    redhat linux 6.0
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 6.2
    redhat linux *
    mandrakesoft mandrake linux -
    connectiva linux -