CVE-2016-4422
CRITICALlibpam-sshauth - Improper Authentication via pam_sm_authenticate Function
Title source: llmDescription
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.
References (2)
Core 2
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3567
Broken Link x_refsource_confirm
https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114#src/pam_sshauth.c
Scores
CVSS v3
9.8
EPSS
0.0180
EPSS Percentile
75.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
debian/debian_linux
8.0
libpam-sshauth_project/libpam-sshauth
Published
May 06, 2016
Tracked Since
Feb 18, 2026