Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-2583

EPSS 1.51% · P81
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-2583

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux-PAM pam_timestamp模块目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux-PAM(又名PAM)是一种用于Linux平台中的认证机制,它通过提供一些动态链接库和一套统一的API,使系统管理员可以自由选择应用程序使用的验证机制。pam_timestamp是其中的一个身份验证缓存模块。 Linux-PAM 1.1.8版本的pam_timestamp模块中的pam_timestamp.c文件存在目录遍历漏洞,该漏洞源于‘get_ruser’函数没有充分过滤PAM_RUSER值,‘check_tty’函数没有充分过滤PAM_TTY值。本地攻击者可借助目录遍历字符‘..’利用该
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-2583

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-2583

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-04-10 · 37 CVEs total

CVE-2013-7367SAP Enterprise Portal 权限许可和访问控制漏洞
CVE-2013-7359SAP Mobile Infrastructure 安全漏洞
CVE-2013-7360SAP adminadapte 安全漏洞
CVE-2013-7361SAP CMS和CM Services 目录遍历漏洞
CVE-2013-7362SAP CCMS Agent ‘RFC’函数代码注入漏洞
CVE-2013-7363SAP Solution Manager Diagnostics代理安全漏洞
CVE-2013-7364SAP NetWeaver J2EE Engine
CVE-2013-7365SAP Enterprise Portal 跨站脚本漏洞
CVE-2013-7366SAP Software Deployment Manager 授权问题漏洞
CVE-2013-7358SAP Guided Procedures Archive Monitor 安全漏洞
CVE-2014-2748SAP Enhancement Package for SAP ERP 权限许可和访问控制漏洞
CVE-2014-2749SAP HANA ICM进程信息泄露漏洞
CVE-2014-2751SAP Print and Output Management 信任管理漏洞
CVE-2014-2752SAP Business Object Processing Framework for ABAP 信任管理漏洞
CVE-2012-6132Roundup 跨站脚本漏洞
CVE-2013-0740Dell OpenManage Server Administrator ‘file’参数开放重定向漏洞
CVE-2014-0908IBM Business Process Manager 权限许可和访问控制漏洞
CVE-2014-0920IBM SPSS Analytic Server 信任管理漏洞
CVE-2013-3251WordPress qTranslate插件跨站请求伪造漏洞
CVE-2014-2127Cisco ASA Software 输入验证错误漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-2583

No comments yet

Leave a comment