Vulnerability Name:

CVE-2007-1716 (CCN-33659)

Assigned: 2007-03-03
Published: 2007-03-03
Updated: 2017-10-11
Summary: pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
CVSS v3 Severity: 8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 3.4 Low (CVSS v2 Vector: AV:L/AC:H/Au:M/C:P/I:P/A:P)
2.5 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:M/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Multiple_Instances
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
4.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: SGI
Type: UNKNOWN
20070602-01-P

Source: CCN
Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: MITRE
Type: CNA
CVE-2007-1716

Source: FULLDISC
Type: UNKNOWN
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: CCN
Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: OSVDB
Type: UNKNOWN
37271

Source: CCN
Type: RHSA-2007-0465
Moderate: pam security and bug fix update

Source: CCN
Type: RHSA-2007-0555
Moderate: pam security

Source: CCN
Type: RHSA-2007-0737
Moderate: pam security

Source: SECUNIA
Type: UNKNOWN
25631

Source: SECUNIA
Type: UNKNOWN
25894

Source: CCN
Type: SA26909
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: UNKNOWN
26909

Source: SECUNIA
Type: UNKNOWN
27590

Source: SECUNIA
Type: UNKNOWN
27706

Source: CCN
Type: SA28319
Avaya Products pam Vulnerability and Security Issue

Source: SECUNIA
Type: UNKNOWN
28319

Source: GENTOO
Type: UNKNOWN
GLSA-200711-23

Source: CCN
Type: ASA-2007-325
PAM security and bug fix update (RHSA-2007-0465)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm

Source: CCN
Type: ASA-2007-526
PAM security bug fix and enhancement update (RHSA-2007-0737)

Source: CCN
Type: GLSA-200711-23
VMware Workstation and Player: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 37271
pam_console Console Device Permission Restoration Weakness

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0465

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0555

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0737

Source: CCN
Type: VMware, Inc. Web site
Download Patch ESX-1001728 for VMware ESX Server 3.0.2

Source: VUPEN
Type: UNKNOWN
ADV-2007-3229

Source: CCN
Type: Red Hat Bugzilla Bug 230823
CVE-2007-1716 Ownership of devices not returned to root after logout from console

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823

Source: XF
Type: UNKNOWN
pamconsole-privilege-escalation(33659)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11483

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:redhat:enterprise_linux:4.4:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

* Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:22147 | P | ELSA-2007:0555: pam security, bug fix, and enhancement update (Moderate) | 2014-07-21
    oval:org.mitre.oval:def:11483 | V | pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. | 2013-04-29
    oval:com.redhat.rhsa:def:20070465 | P | RHSA-2007:0465: pam security and bug fix update (Moderate) | 2008-03-20
    oval:com.redhat.rhsa:def:20070555 | P | RHSA-2007:0555: pam security, bug fix, and enhancement update (Moderate) | 2008-03-20
    oval:com.redhat.rhsa:def:20070737 | P | RHSA-2007:0737: pam security, bug fix, and enhancement update (Moderate) | 2008-03-20
    redhat enterprise linux 4.4