CVE-2007-1716

high

Description

pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11483

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823

http://www.vupen.com/english/advisories/2007/3229

http://www.redhat.com/support/errata/RHSA-2007-0737.html

http://www.redhat.com/support/errata/RHSA-2007-0555.html

http://www.redhat.com/support/errata/RHSA-2007-0465.html

http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm

http://security.gentoo.org/glsa/glsa-200711-23.xml

http://secunia.com/advisories/28319

http://secunia.com/advisories/27706

http://secunia.com/advisories/27590

http://secunia.com/advisories/26909

http://secunia.com/advisories/25894

http://secunia.com/advisories/25631

http://osvdb.org/37271

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

Details

Source: Mitre, NVD

Published: 2007-03-27

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 3.4

Vector: CVSS2#AV:L/AC:H/Au:M/C:P/I:P/A:P

Severity: Low

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00067

Detections

Analytics