CVE-2019-7639

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1673802 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:gsi-openssh_project:gsi-openssh:7.9:p1:*:*:*:*:*:*

History

No history.

Information

Published : 2019-02-08 11:29

Updated : 2024-02-28 16:48


NVD link : CVE-2019-7639

Mitre link : CVE-2019-7639

CVE.ORG link : CVE-2019-7639


JSON object : View

Products Affected

fedoraproject

  • fedora

gsi-openssh_project

  • gsi-openssh
CWE
CWE-863

Incorrect Authorization