DEBIAN-CVE-2014-2583

DEBIAN-CVE-2014-2583 PUBLISHED CVSS 8.5 HIGH

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:12	pam	0, 0, 0
Debian:14	pam	0, 0, 0
Debian:13	pam	0, 0, 0
Debian:11	pam	0, 0, 0

Timeline

Apr 10, 2014 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2014-2583 advisory

Open in Interactive Console →