CVE-2008-2516
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-2516
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
libpam-pgsql pam_pgsql.c文件身份认证绕过漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libpam-pgsql(也称pam_pgsql)是一个使用PostgreSQL数据库认证用户的PAM模块。 libpam-pgsql的pam_pgsql.c文件中的pam_sm_authenticate()函数存在安全漏洞,如果在认证过程中发送了SIGINT,例如在sudo要求输入用户口令时按下Ctrl+C,则无需输入正确口令sudo也可以成功。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-2516
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-2516
Please Login to view more intelligence information
- http://sourceforge.net/project/shownotes.php?release_id=601775x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2008-2516
Same Patch Batch · n/a · 2008-06-03 · 27 CVEs total
| CVE-2008-2531 | Build A Niche Store 搜索脚本跨站脚本攻击漏洞 | |
| CVE-2008-2519 | Core FTP 客户端 LIST命令响应目录遍历漏洞 | |
| CVE-2008-2518 | Sun Java系统Web服务器高级搜索机制跨站脚本漏洞 | |
| CVE-2008-2517 | SaraB DAR 加密密钥信息泄露漏洞 | |
| CVE-2008-2540 | Apple Safari权限许可和访问控制漏洞 | |
| CVE-2008-2539 | Sun Cluster Global File System 未明向量文件破坏漏洞 | |
| CVE-2008-2538 | sun solaris crontab 未明向量攻击漏洞 | |
| CVE-2008-2537 | HispaH Model Search 'cat.php' SQL注入漏洞 | |
| CVE-2008-2536 | YABSoft Advanced Image Hosting Script 'out.php' SQL注入漏洞 | |
| CVE-2008-2535 | Fkrauthan Phoenix_view_cms admin/module/ 多个SQL注入漏洞 | |
| CVE-2008-2534 | Fkrauthan Phoenix_view_cms "admin/admin_frame.php" 目录遍历漏洞 | |
| CVE-2008-2533 | Phoenix View CMS 多个跨站脚本攻击漏洞 | |
| CVE-2008-2532 | AJ HYIP Acme 'topic_detail.php' SQL注入漏洞 | |
| CVE-2008-1035 | Apple Mac OS X 代码注入漏洞 | |
| CVE-2008-2530 | Concepts & Solutions QuickUpCMS 多个SQL注入漏洞 | |
| CVE-2008-2529 | Advanced Links Management 'read.php' SQL注入漏洞 | |
| CVE-2008-2528 | Citrix Access Gateway 身份认证绕过漏洞 | |
| CVE-2008-2527 | ActualScripts ActualAnalyzer 'view.php' 跨站脚本攻击漏洞 | |
| CVE-2008-2526 | TYPO3 WT Gallery 扩展名跨站脚本攻击漏洞 | |
| CVE-2008-2525 | TYPO3 事件数据库扩展名未明跨站脚本攻击漏洞 |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2008-2516
No comments yet