PT-2008-3973 · Unknown · Libpam-Pgsql

Julian Mehnle · Published 2008-06-03 · Updated 2017-08-08 · CVE-2008-2516

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libpam-pgsql version 0.6.3

Description

The issue arises in the `pam_sm_authenticate` function in `pam_pgsql.c`, which, because of operator precedence, does not correctly evaluate whether a `pam_get_pass` call succeeded. This allows local users to gain privileges by sending a SIGINT signal while `pam_get_pass` is executing. An example is a user pressing CTRL-C at a sudo password prompt in a specific configuration.

Recommendations

For libpam-pgsql version 0.6.3, consider updating to a newer version that addresses this issue, as the current version does not properly handle a SIGINT signal received while `pam_get_pass` is executing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
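
The precedence mistake named in the description, modelled as an added example (not code from libpam-pgsql): the stub functions, constants and sample password are constructed, and the exact shape of the flawed expression is an assumption. It shows how a failed prompt can be reported as success, next to the corrected form.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for PAM return codes; as in PAM, success is 0. */
enum { DEMO_SUCCESS = 0, DEMO_AUTH_ERR = 7, DEMO_CONV_ERR = 19 };

/* Hypothetical prompt: returns an error when the user interrupts it
 * (SIGINT), otherwise hands back what was typed. */
static int get_pass_stub(int interrupted, const char *typed, const char **out)
{
    *out = interrupted ? NULL : typed;
    return interrupted ? DEMO_CONV_ERR : DEMO_SUCCESS;
}

/* Hypothetical verifier; "s3cret" is a constructed sample credential. */
static int verify_stub(const char *pw)
{
    return (pw && strcmp(pw, "s3cret") == 0) ? DEMO_SUCCESS : DEMO_AUTH_ERR;
}

/* Flawed: `==` binds tighter than `=`, so rc receives the boolean result
 * of the comparison. A failed prompt gives rc = 0, which is also the
 * success code, and it is returned without any password being verified. */
int authenticate_flawed(int interrupted, const char *typed)
{
    const char *pw;
    int rc;
    if ((rc = get_pass_stub(interrupted, typed, &pw) == DEMO_SUCCESS))
        rc = verify_stub(pw);
    return rc;
}

/* Corrected: parenthesise the assignment so rc holds the real status. */
int authenticate_fixed(int interrupted, const char *typed)
{
    const char *pw;
    int rc;
    if ((rc = get_pass_stub(interrupted, typed, &pw)) == DEMO_SUCCESS)
        rc = verify_stub(pw);
    return rc;
}

int main(void)
{
    printf("flawed, interrupted: %d\n", authenticate_flawed(1, NULL));
    printf("fixed,  interrupted: %d\n", authenticate_fixed(1, NULL));
    return 0;
}
```

Compiler warnings such as `-Wparentheses` catch the unparenthesised variant of this pattern; a test that drives the prompt's failure path catches both.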

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2008-2516

Affected Products

Libpam-Pgsql