{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28319", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28319"}, {"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"name": "GLSA-200711-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"}, {"name": "25894", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25894"}, {"name": "ADV-2007-3229", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"name": "oval:org.mitre.oval:def:11483", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483"}, {"name": "RHSA-2007:0555", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"}, {"name": "RHSA-2007:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823"}, {"name": "RHSA-2007:0737", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"}, {"name": "26909", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26909"}, {"name": "27706", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27706"}, {"name": "37271", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37271"}, {"name": "27590", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27590"}, {"name": "20070602-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"}, {"name": "25631", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25631"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2007-1716", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28319", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28319"}, {"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"name": "GLSA-200711-23", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"}, {"name": "25894", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25894"}, {"name": "ADV-2007-3229", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"name": "oval:org.mitre.oval:def:11483", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483"}, {"name": "RHSA-2007:0555", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"}, {"name": "RHSA-2007:0465", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html"}, {"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823"}, {"name": "RHSA-2007:0737", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"}, {"name": "26909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26909"}, {"name": "27706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27706"}, {"name": "37271", "refsource": "OSVDB", "url": "http://osvdb.org/37271"}, {"name": "27590", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27590"}, {"name": "20070602-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"}, {"name": "25631", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25631"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:06:26.170Z"}, "title": "CVE Program Container", "references": [{"name": "28319", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28319"}, {"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"name": "GLSA-200711-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"}, {"name": "25894", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25894"}, {"name": "ADV-2007-3229", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"name": "oval:org.mitre.oval:def:11483", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483"}, {"name": "RHSA-2007:0555", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"}, {"name": "RHSA-2007:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823"}, {"name": "RHSA-2007:0737", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"}, {"name": "26909", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26909"}, {"name": "27706", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27706"}, {"name": "37271", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37271"}, {"name": "27590", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27590"}, {"name": "20070602-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"}, {"name": "25631", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25631"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1716", "datePublished": "2007-03-27T22:00:00", "dateReserved": "2007-03-27T00:00:00", "dateUpdated": "2024-08-07T13:06:26.170Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "29202FE0-F778-4A55-98CF-19C48C503DB0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges."}, {"lang": "es", "value": "pam_console no restaura adecuadamente el propietario de ciertos dispositivos de consola cuando hay m\u00faltiples usuarios dados de alta en la consola y uno de ellos se sale, lo cual podr\u00eda permitir la obtenci\u00f3n de privilegios por parte de usuarios locales."}], "id": "CVE-2007-1716", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 3.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.2, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-27T22:19:00.000", "references": [{"source": "[email protected]", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"}, {"source": "[email protected]", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"source": "[email protected]", "url": "http://osvdb.org/37271"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/25631"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/25894"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/26909"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/27590"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/27706"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/28319"}, {"source": "[email protected]", "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"}, {"source": "[email protected]", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"}, {"source": "[email protected]", "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html"}, {"source": "[email protected]", "url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"}, {"source": "[email protected]", "url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"}, {"source": "[email protected]", "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823"}, {"source": "[email protected]", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25631"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25894"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27706"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483"}], "sourceIdentifier": "[email protected]", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581\n\nThe Red Hat Security Response Team has rated this issue as having low security\nimpact, a future update may address this flaw. More information regarding\nissue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\n", "lastModified": "2007-04-09T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0465", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "cdrtools-8:2.01.0.a32-0.EL3.6", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-06-07T00:00:00Z"}, {"advisory": "RHSA-2007:0465", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "pam-0:0.75-72", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-06-07T00:00:00Z"}, {"advisory": "RHSA-2007:0737", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "pam-0:0.77-66.23", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-11-15T00:00:00Z"}, {"advisory": "RHSA-2007:0555", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "pam-0:0.99.6.2-3.26.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-11-07T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618305"}, "csaw": false, "details": ["pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges."], "name": "CVE-2007-1716", "public_date": "2007-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-1716\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-1716"], "statement": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/", "threat_severity": "Low"}