CVE-2007-1716 Information

Description

pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out which might allow local users to gain privileges.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://osvdb.org/37271 http://secunia.com/advisories/25631 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27590 http://secunia.com/advisories/27706 http://secunia.com/advisories/28319 http://security.gentoo.org/glsa/glsa-200711-23.xml http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm http://www.redhat.com/support/errata/RHSA-2007-0465.html http://www.redhat.com/support/errata/RHSA-2007-0555.html http://www.redhat.com/support/errata/RHSA-2007-0737.html http://www.vupen.com/english/advisories/2007/3229 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230823 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11483