Vulnerabilities (CVE)

Filtered by vendor Libpam-pgsql Subscribe
Filtered by product Libpam-pgsql
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2516 1 Libpam-pgsql 1 Libpam-pgsql 2024-11-21 4.6 MEDIUM N/A
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.