VULHUB ™

Under some conditions, it may be possible for users of Solaris 8 to evade PAM session restrictions. Reportedly, the pam_open_session() function call may fail with a segmentation fault if either of the variables PAM_RHOST or PAM_TTY are NULL. Exploitation may allow a user to avoid PAM session restrictions.

Under some conditions, it may be possible for users of Solaris 8 to evade PAM session restrictions. Reportedly, the pam_open_session() function call may fail with a segmentation fault if either of the variables PAM_RHOST or PAM_TTY are NULL. Exploitation may allow a user to avoid PAM session restrictions.