CVE-2005-2977 : The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Published 2005-11-01 12:47:00

Updated 2017-10-11 01:30:22

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-2977

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-2977

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2005-2977

http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml

Patch;Vendor Advisory
http://www.securityfocus.com/bid/15217
http://securitytracker.com/id?1015111
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193
http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6&view=markup
http://www.redhat.com/support/errata/RHSA-2005-805.html
http://www.vupen.com/english/advisories/2005/2227

Products affected by CVE-2005-2977

PAM » PAM » Selinux Edition
Versions up to, including, (<=) 0.80
cpe:2.3:a:pam:pam:*:*:selinux:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-2977

Exploit prediction scoring system (EPSS) score for CVE-2005-2977

CVSS scores for CVE-2005-2977

References for CVE-2005-2977

Products affected by CVE-2005-2977