ALT Linux Team

Package linux-pam update in sisyphus on 2020-11-25

ALT-PU-2020-3418-1

Package linux-pam updated to version 1.5.1-alt1 for branch sisyphus in task 260508.

Closed vulnerabilities

Published: 2020-12-18
Modified: 2024-11-21

CVE-2020-27780

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top