Vulnerability Name:

CVE-2005-2977 (CCN-22900)

Assigned:2005-10-26
Published:2005-10-26
Updated:2017-10-11
Summary:The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-2977

Source: CONFIRM
Type: UNKNOWN
http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6&view=markup

Source: CCN
Type: RHSA-2005-805
pam security update

Source: SECUNIA
Type: UNKNOWN
17346

Source: SECUNIA
Type: UNKNOWN
17350

Source: CCN
Type: SA17352
SELinux "unix_chkpwd" Security Bypass Security Issue

Source: SECUNIA
Type: UNKNOWN
17352

Source: SECUNIA
Type: Patch, Vendor Advisory
17365

Source: CCN
Type: SECTRACK ID: 1015111
PAM with SELinux Lets Local Users Invoke unix_chkpwd to Conduct Password Guessing Attacks

Source: SECTRACK
Type: UNKNOWN
1015111

Source: CCN
Type: GLSA-200510-22
SELinux PAM: Local password guessing attack

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200510-22

Source: CCN
Type: The The Linux Kernel Archives Web site
A Linux-PAM page

Source: REDHAT
Type: UNKNOWN
RHSA-2005:805

Source: BID
Type: UNKNOWN
15217

Source: CCN
Type: BID-15217
PAM Unix_Chkpwd Unauthorized Access Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2227

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181

Source: XF
Type: UNKNOWN
pam-selinux-chkpwd-brute-force(22900)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10193

Vulnerable Configuration:Configuration 1:
  • cpe:/a:pam:pam:*:*:selinux:*:*:*:*:* (Version <= 0.80)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10193
    V
    		The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
    2013-04-29
    oval:com.redhat.rhsa:def:20050805
    P
    		RHSA-2005:805: pam security update (Low)
    2005-10-26
    BACK
    pam pam *