CVE-2001-1147

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/10/2001
Last modified:
03/04/2025

Description

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:andries_brouwer:util-linux:2.10s:*:*:*:*:*:*:*
cpe:2.3:a:andries_brouwer:util-linux:2.11f:*:*:*:*:*:*:*
cpe:2.3:a:andries_brouwer:util-linux:2.11h:*:*:*:*:*:*:*
cpe:2.3:a:andries_brouwer:util-linux:2.11i:*:*:*:*:*:*:*
cpe:2.3:a:andries_brouwer:util-linux:2.11k:*:*:*:*:*:*:*