CVE-2005-2977: Low severity PAM PAM vulnerability
Published Nov 1, 2005
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
Affected Software
1 affected component
PAM PAM<=0.80
Remediation
Patch Available
Event History
Nov 1, 2005
CVE Published
via MITRE·07:00 AM
Data Sourced
via MITRE·07:00 AM
Frequently Asked Questions
1. What is the severity of CVE-2005-2977?
CVE-2005-2977 is considered to be a moderate severity vulnerability due to its potential for local brute force attacks.
2. How do I fix CVE-2005-2977?
To fix CVE-2005-2977, update PAM to version 0.78 r3 or later, which addresses the brute force password guessing issue.
3. Who is affected by CVE-2005-2977?
CVE-2005-2977 affects local users of PAM versions prior to 0.78 r3 in SELinux environments.
4. What can an attacker do with CVE-2005-2977?
An attacker can exploit CVE-2005-2977 to perform brute force password guessing attacks without detection.
5. Is logging implemented for failed attempts in CVE-2005-2977?
No. In affected versions, failed password attempts are not logged, which makes password guessing attacks easier to execute.