Vulnerability-Lookup

CVE-2005-2977 (GCVE-0-2005-2977)

Vulnerability from cvelistv5 – Published: 2005-11-01 02:00 – Updated: 2024-08-07 22:53

Summary

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2005-2977

Vulnerability from fkie_nvd - Published: 2005-11-01 12:47 - Updated: 2025-04-03 01:03

Severity ?

Summary

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

References

URL	Tags
secalert@redhat.com	http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6&view=markup
secalert@redhat.com	http://secunia.com/advisories/17346
secalert@redhat.com	http://secunia.com/advisories/17350
secalert@redhat.com	http://secunia.com/advisories/17352
secalert@redhat.com	http://secunia.com/advisories/17365	Patch, Vendor Advisory
secalert@redhat.com	http://securitytracker.com/id?1015111
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml	Patch, Vendor Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2005-805.html
secalert@redhat.com	http://www.securityfocus.com/bid/15217
secalert@redhat.com	http://www.vupen.com/english/advisories/2005/2227
secalert@redhat.com	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193
af854a3a-2127-422b-91ae-364da2661108	http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6&view=markup
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17346
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17350
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17352
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17365	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015111
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-805.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15217
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2227
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193

Impacted products

	Vendor	Product	Version
	pam	pam	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pam:pam:*:*:selinux:*:*:*:*:*",
              "matchCriteriaId": "967AFB34-1676-4541-A26D-BA36AF296406",
              "versionEndIncluding": "0.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses."
    }
  ],
  "id": "CVE-2005-2977",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-01T12:47:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6\u0026view=markup"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17346"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17350"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17352"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17365"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1015111"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-805.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/15217"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2005/2227"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6\u0026view=markup"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-805.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

RHSA-2005:805

Vulnerability from csaf_redhat - Published: 2005-10-26 15:58 - Updated: 2025-11-21 17:29

Summary

Red Hat Security Advisory: pam security update

Notes

Topic

An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set an authentication policy without having to recompile programs that handle authentication. A bug was found in the way PAM's unix_chkpwd helper program validates user passwords when SELinux is enabled. Under normal circumstances, it is not possible for a local non-root user to verify the password of another local user with the unix_chkpwd command. A patch applied that adds SELinux functionality makes it possible for a local user to use brute force password guessing techniques against other local user accounts. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2977 to this issue. All users of pam should upgrade to this updated package, which contains backported patches to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated pam package that fixes a security weakness is now available for\nRed Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PAM (Pluggable Authentication Modules) is a system security tool that\nallows system administrators to set an authentication policy without\nhaving to recompile programs that handle authentication.\n\nA bug was found in the way PAM\u0027s unix_chkpwd helper program validates user\npasswords when SELinux is enabled. Under normal circumstances, it is not\npossible for a local non-root user to verify the password of another local\nuser with the unix_chkpwd command. A patch applied that adds SELinux\nfunctionality makes it possible for a local user to use brute force\npassword guessing techniques against other local user accounts. The Common\nVulnerabilities and Exposures project has assigned the name CVE-2005-2977 to\nthis issue.\n\nAll users of pam should upgrade to this updated package, which contains\nbackported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:805",
        "url": "https://access.redhat.com/errata/RHSA-2005:805"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "168181",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=168181"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_805.json"
      }
    ],
    "title": "Red Hat Security Advisory: pam security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:29:39+00:00",
      "generator": {
        "date": "2025-11-21T17:29:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2005:805",
      "initial_release_date": "2005-10-26T15:58:00+00:00",
      "revision_history": [
        {
          "date": "2005-10-26T15:58:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2005-10-26T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:29:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4",
                  "product_id": "4AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop version 4",
                  "product_id": "4Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4",
                  "product_id": "4ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4",
                  "product_id": "4WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.ia64",
                "product": {
                  "name": "pam-0:0.77-66.13.ia64",
                  "product_id": "pam-0:0.77-66.13.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-debuginfo-0:0.77-66.13.ia64",
                "product": {
                  "name": "pam-debuginfo-0:0.77-66.13.ia64",
                  "product_id": "pam-debuginfo-0:0.77-66.13.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-debuginfo@0.77-66.13?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-devel-0:0.77-66.13.ia64",
                "product": {
                  "name": "pam-devel-0:0.77-66.13.ia64",
                  "product_id": "pam-devel-0:0.77-66.13.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-devel@0.77-66.13?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.i386",
                "product": {
                  "name": "pam-0:0.77-66.13.i386",
                  "product_id": "pam-0:0.77-66.13.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-debuginfo-0:0.77-66.13.i386",
                "product": {
                  "name": "pam-debuginfo-0:0.77-66.13.i386",
                  "product_id": "pam-debuginfo-0:0.77-66.13.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-debuginfo@0.77-66.13?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-devel-0:0.77-66.13.i386",
                "product": {
                  "name": "pam-devel-0:0.77-66.13.i386",
                  "product_id": "pam-devel-0:0.77-66.13.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-devel@0.77-66.13?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.src",
                "product": {
                  "name": "pam-0:0.77-66.13.src",
                  "product_id": "pam-0:0.77-66.13.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.x86_64",
                "product": {
                  "name": "pam-0:0.77-66.13.x86_64",
                  "product_id": "pam-0:0.77-66.13.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-debuginfo-0:0.77-66.13.x86_64",
                "product": {
                  "name": "pam-debuginfo-0:0.77-66.13.x86_64",
                  "product_id": "pam-debuginfo-0:0.77-66.13.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-debuginfo@0.77-66.13?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-devel-0:0.77-66.13.x86_64",
                "product": {
                  "name": "pam-devel-0:0.77-66.13.x86_64",
                  "product_id": "pam-devel-0:0.77-66.13.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-devel@0.77-66.13?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.ppc64",
                "product": {
                  "name": "pam-0:0.77-66.13.ppc64",
                  "product_id": "pam-0:0.77-66.13.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-debuginfo-0:0.77-66.13.ppc64",
                "product": {
                  "name": "pam-debuginfo-0:0.77-66.13.ppc64",
                  "product_id": "pam-debuginfo-0:0.77-66.13.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-debuginfo@0.77-66.13?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-devel-0:0.77-66.13.ppc64",
                "product": {
                  "name": "pam-devel-0:0.77-66.13.ppc64",
                  "product_id": "pam-devel-0:0.77-66.13.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-devel@0.77-66.13?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.ppc",
                "product": {
                  "name": "pam-0:0.77-66.13.ppc",
                  "product_id": "pam-0:0.77-66.13.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-debuginfo-0:0.77-66.13.ppc",
                "product": {
                  "name": "pam-debuginfo-0:0.77-66.13.ppc",
                  "product_id": "pam-debuginfo-0:0.77-66.13.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-debuginfo@0.77-66.13?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-devel-0:0.77-66.13.ppc",
                "product": {
                  "name": "pam-devel-0:0.77-66.13.ppc",
                  "product_id": "pam-devel-0:0.77-66.13.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-devel@0.77-66.13?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.s390x",
                "product": {
                  "name": "pam-0:0.77-66.13.s390x",
                  "product_id": "pam-0:0.77-66.13.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-debuginfo-0:0.77-66.13.s390x",
                "product": {
                  "name": "pam-debuginfo-0:0.77-66.13.s390x",
                  "product_id": "pam-debuginfo-0:0.77-66.13.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-debuginfo@0.77-66.13?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-devel-0:0.77-66.13.s390x",
                "product": {
                  "name": "pam-devel-0:0.77-66.13.s390x",
                  "product_id": "pam-devel-0:0.77-66.13.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-devel@0.77-66.13?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pam-0:0.77-66.13.s390",
                "product": {
                  "name": "pam-0:0.77-66.13.s390",
                  "product_id": "pam-0:0.77-66.13.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam@0.77-66.13?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-debuginfo-0:0.77-66.13.s390",
                "product": {
                  "name": "pam-debuginfo-0:0.77-66.13.s390",
                  "product_id": "pam-debuginfo-0:0.77-66.13.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-debuginfo@0.77-66.13?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pam-devel-0:0.77-66.13.s390",
                "product": {
                  "name": "pam-devel-0:0.77-66.13.s390",
                  "product_id": "pam-devel-0:0.77-66.13.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pam-devel@0.77-66.13?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.i386"
        },
        "product_reference": "pam-0:0.77-66.13.i386",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.s390"
        },
        "product_reference": "pam-0:0.77-66.13.s390",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.src as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.src"
        },
        "product_reference": "pam-0:0.77-66.13.src",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-debuginfo-0:0.77-66.13.i386"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.i386",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-debuginfo-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-debuginfo-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-debuginfo-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-debuginfo-0:0.77-66.13.s390"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-debuginfo-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-debuginfo-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-devel-0:0.77-66.13.i386"
        },
        "product_reference": "pam-devel-0:0.77-66.13.i386",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-devel-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-devel-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-devel-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-devel-0:0.77-66.13.s390"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-devel-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:pam-devel-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.i386"
        },
        "product_reference": "pam-0:0.77-66.13.i386",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.s390"
        },
        "product_reference": "pam-0:0.77-66.13.s390",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.src as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.src"
        },
        "product_reference": "pam-0:0.77-66.13.src",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-debuginfo-0:0.77-66.13.i386"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.i386",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-debuginfo-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-debuginfo-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-debuginfo-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-debuginfo-0:0.77-66.13.s390"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-debuginfo-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-debuginfo-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-devel-0:0.77-66.13.i386"
        },
        "product_reference": "pam-devel-0:0.77-66.13.i386",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-devel-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-devel-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-devel-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-devel-0:0.77-66.13.s390"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-devel-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:pam-devel-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.i386"
        },
        "product_reference": "pam-0:0.77-66.13.i386",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.s390"
        },
        "product_reference": "pam-0:0.77-66.13.s390",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.src as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.src"
        },
        "product_reference": "pam-0:0.77-66.13.src",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-debuginfo-0:0.77-66.13.i386"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.i386",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-debuginfo-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-debuginfo-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-debuginfo-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-debuginfo-0:0.77-66.13.s390"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-debuginfo-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-debuginfo-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-devel-0:0.77-66.13.i386"
        },
        "product_reference": "pam-devel-0:0.77-66.13.i386",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-devel-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-devel-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-devel-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-devel-0:0.77-66.13.s390"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-devel-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:pam-devel-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.i386"
        },
        "product_reference": "pam-0:0.77-66.13.i386",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.s390"
        },
        "product_reference": "pam-0:0.77-66.13.s390",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.src as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.src"
        },
        "product_reference": "pam-0:0.77-66.13.src",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-debuginfo-0:0.77-66.13.i386"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.i386",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-debuginfo-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-debuginfo-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-debuginfo-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-debuginfo-0:0.77-66.13.s390"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-debuginfo-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-debuginfo-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-debuginfo-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-debuginfo-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.i386 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-devel-0:0.77-66.13.i386"
        },
        "product_reference": "pam-devel-0:0.77-66.13.i386",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ia64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-devel-0:0.77-66.13.ia64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ia64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-devel-0:0.77-66.13.ppc"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-devel-0:0.77-66.13.ppc64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.ppc64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-devel-0:0.77-66.13.s390"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.s390x as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-devel-0:0.77-66.13.s390x"
        },
        "product_reference": "pam-devel-0:0.77-66.13.s390x",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pam-devel-0:0.77-66.13.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:pam-devel-0:0.77-66.13.x86_64"
        },
        "product_reference": "pam-devel-0:0.77-66.13.x86_64",
        "relates_to_product_reference": "4WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-2977",
      "discovery_date": "2005-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617773"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS:pam-0:0.77-66.13.i386",
          "4AS:pam-0:0.77-66.13.ia64",
          "4AS:pam-0:0.77-66.13.ppc",
          "4AS:pam-0:0.77-66.13.ppc64",
          "4AS:pam-0:0.77-66.13.s390",
          "4AS:pam-0:0.77-66.13.s390x",
          "4AS:pam-0:0.77-66.13.src",
          "4AS:pam-0:0.77-66.13.x86_64",
          "4AS:pam-debuginfo-0:0.77-66.13.i386",
          "4AS:pam-debuginfo-0:0.77-66.13.ia64",
          "4AS:pam-debuginfo-0:0.77-66.13.ppc",
          "4AS:pam-debuginfo-0:0.77-66.13.ppc64",
          "4AS:pam-debuginfo-0:0.77-66.13.s390",
          "4AS:pam-debuginfo-0:0.77-66.13.s390x",
          "4AS:pam-debuginfo-0:0.77-66.13.x86_64",
          "4AS:pam-devel-0:0.77-66.13.i386",
          "4AS:pam-devel-0:0.77-66.13.ia64",
          "4AS:pam-devel-0:0.77-66.13.ppc",
          "4AS:pam-devel-0:0.77-66.13.ppc64",
          "4AS:pam-devel-0:0.77-66.13.s390",
          "4AS:pam-devel-0:0.77-66.13.s390x",
          "4AS:pam-devel-0:0.77-66.13.x86_64",
          "4Desktop:pam-0:0.77-66.13.i386",
          "4Desktop:pam-0:0.77-66.13.ia64",
          "4Desktop:pam-0:0.77-66.13.ppc",
          "4Desktop:pam-0:0.77-66.13.ppc64",
          "4Desktop:pam-0:0.77-66.13.s390",
          "4Desktop:pam-0:0.77-66.13.s390x",
          "4Desktop:pam-0:0.77-66.13.src",
          "4Desktop:pam-0:0.77-66.13.x86_64",
          "4Desktop:pam-debuginfo-0:0.77-66.13.i386",
          "4Desktop:pam-debuginfo-0:0.77-66.13.ia64",
          "4Desktop:pam-debuginfo-0:0.77-66.13.ppc",
          "4Desktop:pam-debuginfo-0:0.77-66.13.ppc64",
          "4Desktop:pam-debuginfo-0:0.77-66.13.s390",
          "4Desktop:pam-debuginfo-0:0.77-66.13.s390x",
          "4Desktop:pam-debuginfo-0:0.77-66.13.x86_64",
          "4Desktop:pam-devel-0:0.77-66.13.i386",
          "4Desktop:pam-devel-0:0.77-66.13.ia64",
          "4Desktop:pam-devel-0:0.77-66.13.ppc",
          "4Desktop:pam-devel-0:0.77-66.13.ppc64",
          "4Desktop:pam-devel-0:0.77-66.13.s390",
          "4Desktop:pam-devel-0:0.77-66.13.s390x",
          "4Desktop:pam-devel-0:0.77-66.13.x86_64",
          "4ES:pam-0:0.77-66.13.i386",
          "4ES:pam-0:0.77-66.13.ia64",
          "4ES:pam-0:0.77-66.13.ppc",
          "4ES:pam-0:0.77-66.13.ppc64",
          "4ES:pam-0:0.77-66.13.s390",
          "4ES:pam-0:0.77-66.13.s390x",
          "4ES:pam-0:0.77-66.13.src",
          "4ES:pam-0:0.77-66.13.x86_64",
          "4ES:pam-debuginfo-0:0.77-66.13.i386",
          "4ES:pam-debuginfo-0:0.77-66.13.ia64",
          "4ES:pam-debuginfo-0:0.77-66.13.ppc",
          "4ES:pam-debuginfo-0:0.77-66.13.ppc64",
          "4ES:pam-debuginfo-0:0.77-66.13.s390",
          "4ES:pam-debuginfo-0:0.77-66.13.s390x",
          "4ES:pam-debuginfo-0:0.77-66.13.x86_64",
          "4ES:pam-devel-0:0.77-66.13.i386",
          "4ES:pam-devel-0:0.77-66.13.ia64",
          "4ES:pam-devel-0:0.77-66.13.ppc",
          "4ES:pam-devel-0:0.77-66.13.ppc64",
          "4ES:pam-devel-0:0.77-66.13.s390",
          "4ES:pam-devel-0:0.77-66.13.s390x",
          "4ES:pam-devel-0:0.77-66.13.x86_64",
          "4WS:pam-0:0.77-66.13.i386",
          "4WS:pam-0:0.77-66.13.ia64",
          "4WS:pam-0:0.77-66.13.ppc",
          "4WS:pam-0:0.77-66.13.ppc64",
          "4WS:pam-0:0.77-66.13.s390",
          "4WS:pam-0:0.77-66.13.s390x",
          "4WS:pam-0:0.77-66.13.src",
          "4WS:pam-0:0.77-66.13.x86_64",
          "4WS:pam-debuginfo-0:0.77-66.13.i386",
          "4WS:pam-debuginfo-0:0.77-66.13.ia64",
          "4WS:pam-debuginfo-0:0.77-66.13.ppc",
          "4WS:pam-debuginfo-0:0.77-66.13.ppc64",
          "4WS:pam-debuginfo-0:0.77-66.13.s390",
          "4WS:pam-debuginfo-0:0.77-66.13.s390x",
          "4WS:pam-debuginfo-0:0.77-66.13.x86_64",
          "4WS:pam-devel-0:0.77-66.13.i386",
          "4WS:pam-devel-0:0.77-66.13.ia64",
          "4WS:pam-devel-0:0.77-66.13.ppc",
          "4WS:pam-devel-0:0.77-66.13.ppc64",
          "4WS:pam-devel-0:0.77-66.13.s390",
          "4WS:pam-devel-0:0.77-66.13.s390x",
          "4WS:pam-devel-0:0.77-66.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2977"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617773",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617773"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2977"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2977",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2977"
        }
      ],
      "release_date": "2005-10-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-10-26T15:58:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS:pam-0:0.77-66.13.i386",
            "4AS:pam-0:0.77-66.13.ia64",
            "4AS:pam-0:0.77-66.13.ppc",
            "4AS:pam-0:0.77-66.13.ppc64",
            "4AS:pam-0:0.77-66.13.s390",
            "4AS:pam-0:0.77-66.13.s390x",
            "4AS:pam-0:0.77-66.13.src",
            "4AS:pam-0:0.77-66.13.x86_64",
            "4AS:pam-debuginfo-0:0.77-66.13.i386",
            "4AS:pam-debuginfo-0:0.77-66.13.ia64",
            "4AS:pam-debuginfo-0:0.77-66.13.ppc",
            "4AS:pam-debuginfo-0:0.77-66.13.ppc64",
            "4AS:pam-debuginfo-0:0.77-66.13.s390",
            "4AS:pam-debuginfo-0:0.77-66.13.s390x",
            "4AS:pam-debuginfo-0:0.77-66.13.x86_64",
            "4AS:pam-devel-0:0.77-66.13.i386",
            "4AS:pam-devel-0:0.77-66.13.ia64",
            "4AS:pam-devel-0:0.77-66.13.ppc",
            "4AS:pam-devel-0:0.77-66.13.ppc64",
            "4AS:pam-devel-0:0.77-66.13.s390",
            "4AS:pam-devel-0:0.77-66.13.s390x",
            "4AS:pam-devel-0:0.77-66.13.x86_64",
            "4Desktop:pam-0:0.77-66.13.i386",
            "4Desktop:pam-0:0.77-66.13.ia64",
            "4Desktop:pam-0:0.77-66.13.ppc",
            "4Desktop:pam-0:0.77-66.13.ppc64",
            "4Desktop:pam-0:0.77-66.13.s390",
            "4Desktop:pam-0:0.77-66.13.s390x",
            "4Desktop:pam-0:0.77-66.13.src",
            "4Desktop:pam-0:0.77-66.13.x86_64",
            "4Desktop:pam-debuginfo-0:0.77-66.13.i386",
            "4Desktop:pam-debuginfo-0:0.77-66.13.ia64",
            "4Desktop:pam-debuginfo-0:0.77-66.13.ppc",
            "4Desktop:pam-debuginfo-0:0.77-66.13.ppc64",
            "4Desktop:pam-debuginfo-0:0.77-66.13.s390",
            "4Desktop:pam-debuginfo-0:0.77-66.13.s390x",
            "4Desktop:pam-debuginfo-0:0.77-66.13.x86_64",
            "4Desktop:pam-devel-0:0.77-66.13.i386",
            "4Desktop:pam-devel-0:0.77-66.13.ia64",
            "4Desktop:pam-devel-0:0.77-66.13.ppc",
            "4Desktop:pam-devel-0:0.77-66.13.ppc64",
            "4Desktop:pam-devel-0:0.77-66.13.s390",
            "4Desktop:pam-devel-0:0.77-66.13.s390x",
            "4Desktop:pam-devel-0:0.77-66.13.x86_64",
            "4ES:pam-0:0.77-66.13.i386",
            "4ES:pam-0:0.77-66.13.ia64",
            "4ES:pam-0:0.77-66.13.ppc",
            "4ES:pam-0:0.77-66.13.ppc64",
            "4ES:pam-0:0.77-66.13.s390",
            "4ES:pam-0:0.77-66.13.s390x",
            "4ES:pam-0:0.77-66.13.src",
            "4ES:pam-0:0.77-66.13.x86_64",
            "4ES:pam-debuginfo-0:0.77-66.13.i386",
            "4ES:pam-debuginfo-0:0.77-66.13.ia64",
            "4ES:pam-debuginfo-0:0.77-66.13.ppc",
            "4ES:pam-debuginfo-0:0.77-66.13.ppc64",
            "4ES:pam-debuginfo-0:0.77-66.13.s390",
            "4ES:pam-debuginfo-0:0.77-66.13.s390x",
            "4ES:pam-debuginfo-0:0.77-66.13.x86_64",
            "4ES:pam-devel-0:0.77-66.13.i386",
            "4ES:pam-devel-0:0.77-66.13.ia64",
            "4ES:pam-devel-0:0.77-66.13.ppc",
            "4ES:pam-devel-0:0.77-66.13.ppc64",
            "4ES:pam-devel-0:0.77-66.13.s390",
            "4ES:pam-devel-0:0.77-66.13.s390x",
            "4ES:pam-devel-0:0.77-66.13.x86_64",
            "4WS:pam-0:0.77-66.13.i386",
            "4WS:pam-0:0.77-66.13.ia64",
            "4WS:pam-0:0.77-66.13.ppc",
            "4WS:pam-0:0.77-66.13.ppc64",
            "4WS:pam-0:0.77-66.13.s390",
            "4WS:pam-0:0.77-66.13.s390x",
            "4WS:pam-0:0.77-66.13.src",
            "4WS:pam-0:0.77-66.13.x86_64",
            "4WS:pam-debuginfo-0:0.77-66.13.i386",
            "4WS:pam-debuginfo-0:0.77-66.13.ia64",
            "4WS:pam-debuginfo-0:0.77-66.13.ppc",
            "4WS:pam-debuginfo-0:0.77-66.13.ppc64",
            "4WS:pam-debuginfo-0:0.77-66.13.s390",
            "4WS:pam-debuginfo-0:0.77-66.13.s390x",
            "4WS:pam-debuginfo-0:0.77-66.13.x86_64",
            "4WS:pam-devel-0:0.77-66.13.i386",
            "4WS:pam-devel-0:0.77-66.13.ia64",
            "4WS:pam-devel-0:0.77-66.13.ppc",
            "4WS:pam-devel-0:0.77-66.13.ppc64",
            "4WS:pam-devel-0:0.77-66.13.s390",
            "4WS:pam-devel-0:0.77-66.13.s390x",
            "4WS:pam-devel-0:0.77-66.13.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:805"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GHSA-9FCH-JJP9-H24R

Vulnerability from github – Published: 2022-05-01 02:13 – Updated: 2022-05-01 02:13

Details

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-2977"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-11-01T12:47:00Z",
    "severity": "LOW"
  },
  "details": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.",
  "id": "GHSA-9fch-jjp9-h24r",
  "modified": "2022-05-01T02:13:19Z",
  "published": "2022-05-01T02:13:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2977"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193"
    },
    {
      "type": "WEB",
      "url": "http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6\u0026view=markup"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17346"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17350"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17352"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17365"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015111"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-805.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15217"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/2227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2005-2977

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Aliases

CVE-2005-2977

Aliases

CVE-2005-2977

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-2977",
    "description": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.",
    "id": "GSD-2005-2977",
    "references": [
      "https://access.redhat.com/errata/RHSA-2005:805"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-2977"
      ],
      "details": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.",
      "id": "GSD-2005-2977",
      "modified": "2023-12-13T01:20:10.350747Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2005-2977",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6\u0026view=markup",
            "refsource": "MISC",
            "url": "http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6\u0026view=markup"
          },
          {
            "name": "http://secunia.com/advisories/17346",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/17346"
          },
          {
            "name": "http://secunia.com/advisories/17350",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/17350"
          },
          {
            "name": "http://secunia.com/advisories/17352",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/17352"
          },
          {
            "name": "http://secunia.com/advisories/17365",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/17365"
          },
          {
            "name": "http://securitytracker.com/id?1015111",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1015111"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2005-805.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2005-805.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/15217",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/15217"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2005/2227",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2005/2227"
          },
          {
            "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pam:pam:*:*:selinux:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.80",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2005-2977"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200510-22",
              "refsource": "GENTOO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-22.xml"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168181"
            },
            {
              "name": "http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6\u0026view=markup",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6\u0026view=markup"
            },
            {
              "name": "17365",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17365"
            },
            {
              "name": "1015111",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015111"
            },
            {
              "name": "15217",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/15217"
            },
            {
              "name": "RHSA-2005:805",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-805.html"
            },
            {
              "name": "17346",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/17346"
            },
            {
              "name": "17350",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/17350"
            },
            {
              "name": "17352",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/17352"
            },
            {
              "name": "ADV-2005-2227",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/2227"
            },
            {
              "name": "oval:org.mitre.oval:def:10193",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10193"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:30Z",
      "publishedDate": "2005-11-01T12:47Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-2977 (GCVE-0-2005-2977)

FKIE_CVE-2005-2977

RHSA-2005:805

GHSA-9FCH-JJP9-H24R

GSD-2005-2977

Tags

Sightings

Nomenclature