#27: pam_timestamp path traversal issue
---------------------+-------------------------------
Reporter: tmraz | Owner: pam-developers@…
Type: security | Status: new
Priority: major | Component: modules
Version: | Resolution:
Keywords: | Blocked By:
Blocking: |
---------------------+-------------------------------
Comment (by ldv):
To put thing more formally, if either PAM_RUSER or PAM_TTY equals to "."
or "..", or starts with "../", or ends with "/..", or
contains "/../",
then get_timestamp_name should return PAM_AUTH_ERR.
--
Ticket URL: <
https://fedorahosted.org/linux-pam/ticket/27#comment:1>
linux-pam <
http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project