Multiple directory traversal vulnerabilities in pamtimestamp.c in the pamtimestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAMRUSER value to the getruser function or (2) PAMTTY value to the checktty function, which is used by the formattimestampname function.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libpam-doc": "1.1.8-1ubuntu2.1", "libpam-modules-bin": "1.1.8-1ubuntu2.1", "libpam-runtime": "1.1.8-1ubuntu2.1", "libpam-cracklib": "1.1.8-1ubuntu2.1", "libpam0g-dbgsym": "1.1.8-1ubuntu2.1", "libpam-modules-dbgsym": "1.1.8-1ubuntu2.1", "libpam0g-dev": "1.1.8-1ubuntu2.1", "libpam-modules-bin-dbgsym": "1.1.8-1ubuntu2.1", "libpam0g": "1.1.8-1ubuntu2.1", "libpam-modules": "1.1.8-1ubuntu2.1", "libpam-cracklib-dbgsym": "1.1.8-1ubuntu2.1" } ] }