fkie_cve-2007-1716
Vulnerability from fkie_nvd
Published
2007-03-27 22:19
Modified
2025-04-09 00:30
Severity ?
Summary
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
cve@mitre.orghttp://osvdb.org/37271
cve@mitre.orghttp://secunia.com/advisories/25631
cve@mitre.orghttp://secunia.com/advisories/25894
cve@mitre.orghttp://secunia.com/advisories/26909
cve@mitre.orghttp://secunia.com/advisories/27590
cve@mitre.orghttp://secunia.com/advisories/27706
cve@mitre.orghttp://secunia.com/advisories/28319
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-23.xml
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2007-526.htm
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0465.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0555.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0737.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3229
cve@mitre.orghttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37271
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25631
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25894
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26909
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27590
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27706
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28319
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-23.xml
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0465.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0555.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0737.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3229
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483
Impacted products
Vendor Product Version
redhat enterprise_linux 4.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29202FE0-F778-4A55-98CF-19C48C503DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges."
    },
    {
      "lang": "es",
      "value": "pam_console no restaura adecuadamente el propietario de ciertos dispositivos de consola cuando hay m\u00faltiples usuarios dados de alta en la consola y uno de ellos se sale, lo cual podr\u00eda permitir la obtenci\u00f3n de privilegios por parte de usuarios locales."
    }
  ],
  "id": "CVE-2007-1716",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "MULTIPLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:M/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-27T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37271"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25894"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26909"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27590"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27706"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28319"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3229"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581\n\nThe Red Hat Security Response Team has rated this issue as having low security\nimpact, a future update may address this flaw.  More information regarding\nissue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\n",
      "lastModified": "2007-04-09T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.