PublicDate: 2008-06-03 14:32:00 UTC
Candidate: CVE-2008-2516
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2516
Description:
 pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly
 consider operator precedence when evaluating the success of a pam_get_pass
 function call, which allows local users to gain privileges via a SIGINT
 signal when this function is executing, as demonstrated by a CTRL-C
 sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so"
 configuration.
Ubuntu-Description:
Notes:
 wgrant> dapper, feisty are too old.
Bugs:
 https://bugs.launchpad.net/bugs/242690
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_pam-pgsql:
upstream_pam-pgsql: released (0.6.3-2)
dapper_pam-pgsql: ignored (reached end-of-life)
feisty_pam-pgsql: needed (reached end-of-life)
gutsy_pam-pgsql: released (0.6.3-0ubuntu1.7.10.1)
hardy_pam-pgsql: released (0.6.3-0ubuntu1.8.04.1)
intrepid_pam-pgsql: released (0.6.3-2build1)
jaunty_pam-pgsql: released (0.6.3-2build1)
karmic_pam-pgsql: released (0.6.3-2build1)
devel_pam-pgsql: released (0.6.3-2build1)