CVE-2003-0388: Privilege Escalation vulnerability on Andrew Morgan Linux Pam

Vulnerability Details : CVE-2003-0388

CVE Name: CVE-2003-0388: Privilege Escalation vulnerability on Andrew Morgan Linux Pam

Description: pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.

Publish date: 2003-07-24T04:00Z

Last Update: 2016-10-18T02:33Z

CVSS Scores & Vulnerability Types

CVSS Score	4.6
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL
Actack Vector	LOCAL
Actack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	No info
Vulnerability Type(s)	Privilege Escalation
CWE ID	N/I

Products Affected By CVE-2003-0388

#	Vendor	Product	Vulnerable Versions
1	Andrew Morgan	Linux Pam	1

Detail of Verions Affected

#	Product Type	Vendor	Product	Version
1	Operating System	Andrew Morgan	Linux Pam	*

References For CVE-2003-0388

Hyperlink	Resource
http://www.idefense.com/advisory/06.16.03.txt	Exploit, Patch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-304.html
http://marc.info/?l=bugtraq&m=105577915506761&w=2