CVE-2011-5054

Name of the Vulnerable Software and Affected Versions kcheckpass (affected versions not specified)

Description The issue allows local users to invoke any configured PAM stack, potentially triggering unintended side effects, by passing a user-supplied argument to the pam start function within a setuid environment. This can be achieved via an arbitrary valid PAM service name. The vendor notes that the possibility of resultant privilege escalation may be unlikely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.