CVE-2005-2949
CVE-2005-2949 is a high-severity vulnerability in Mark D. Roth Pam Per User with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 2% (73rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Mark D. Roth Pam Per User
- Published:
- Last modified:
Description
pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login.
Frequently asked questions
- What is CVE-2005-2949?
- pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login.
- How severe is CVE-2005-2949?
- CVE-2005-2949 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2005-2949 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (73rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-2949?
- CVE-2005-2949 primarily affects Mark D. Roth Pam Per User. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-2949?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2005-2949 published?
- CVE-2005-2949 was published on 2005-09-16 and last updated on 2026-06-16.
References
- http://marc.info/?l=bugtraq&m=112654636915661&w=2
- http://secunia.com/advisories/16781/
- http://securityreason.com/securityalert/2
- http://www.securityfocus.com/bid/14813
Affected products (3)
- cpe:2.3:a:mark_d._roth:pam_per_user:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mark_d._roth:pam_per_user:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mark_d._roth:pam_per_user:0.3:*:*:*:*:*:*:*