CVE-2001-1147

Name of the Vulnerable Software and Affected Versions util-linux versions prior to 2.11

Description The issue concerns the PAM implementation in the util-linux package, specifically in /bin/login. It allows a password entry to be rewritten across multiple PAM calls, potentially providing one user's credentials to another user when used with certain PAM modules like pam limits. Multiple vulnerabilities in the util-linux package could lead to breaches of confidentiality, integrity, and availability of protected information, with potential for local exploitation.

Recommendations For util-linux versions prior to 2.11, update to version 2.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of PAM modules that could exploit this issue, such as pam limits, until the update is applied.