
Julian Mehnle

#50535 of 53,638
4.6 CVSS total
Vulnerabilities · 1
PT-2008-3973
4.6
2008-06-03
Unknown · Libpam-Pgsql · CVE-2008-2516
**Name of the Vulnerable Software and Affected Versions**

libpam-pgsql version 0.6.3

**Description**

The issue arises from the `pam_sm_authenticate` function in `pam_pgsql.c`, which does not correctly evaluate the success of a `pam_get_pass` function call due to operator precedence. This allows local users to gain privileges by sending a SIGINT signal while the `pam_get_pass` function is executing. An example of this is when a user presses CTRL-C at a sudo password prompt in a specific configuration.

**Recommendations**

For libpam-pgsql version 0.6.3, consider updating to a newer version that addresses this issue, as the current version does not properly handle the SIGINT signal during the execution of the `pam_get_pass` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
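The following C sketch is an added illustration, not code from libpam-pgsql or from this page. It shows how an operator-precedence slip in a return-code check can turn a failed password prompt into a success result, next to a corrected form. It assumes the flaw has the common shape of an assignment combined with a comparison; all `demo_*` and `authenticate_*` names and the numeric codes are hypothetical stand-ins (only the zero success value mirrors PAM's convention).

```c
#include <stdio.h>
#include <string.h>

/* Demo return codes (hypothetical); success is 0, as PAM_SUCCESS is. */
enum { DEMO_SUCCESS = 0, DEMO_AUTH_ERR = 7, DEMO_CONV_ERR = 19 };

/* Hypothetical prompt helper. typed == NULL models a prompt that was
   aborted (for example by SIGINT) before any password was read. */
static int demo_get_pass(const char *typed, const char **pass) {
    *pass = typed;
    return typed ? DEMO_SUCCESS : DEMO_CONV_ERR;
}

/* Hypothetical verifier with a constructed reference password. */
static int demo_verify(const char *pass) {
    return (pass && strcmp(pass, "constructed-password") == 0)
               ? DEMO_SUCCESS : DEMO_AUTH_ERR;
}

/* Flawed: '==' binds tighter than '=', so rc receives the comparison
   result (1 or 0) instead of the helper's return code. When the prompt
   fails, rc becomes 0, which is also the success code, and the
   verification step is skipped. */
int authenticate_flawed(const char *typed) {
    const char *pass = NULL;
    int rc;
    if ((rc = demo_get_pass(typed, &pass) == DEMO_SUCCESS)) {
        rc = demo_verify(pass);
    }
    return rc;
}

/* Corrected: store the return code first, test it separately, and
   propagate any failure before touching the password. */
int authenticate_fixed(const char *typed) {
    const char *pass = NULL;
    int rc = demo_get_pass(typed, &pass);
    if (rc != DEMO_SUCCESS)
        return rc;
    return demo_verify(pass);
}

int main(void) {
    printf("aborted prompt, flawed check: %d\n", authenticate_flawed(NULL));
    printf("aborted prompt, fixed check:  %d\n", authenticate_fixed(NULL));
    return 0;
}
```

When auditing similar modules, look for assignments inside conditions whose right-hand side contains a comparison, and for functions that return a status variable that may hold a boolean.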