CVE-2016-4422

CRITICAL

libpam-sshauth - Auth Bypass

Title source: llm

Description

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

References (2)

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3567

[Broken Link] https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114#src/pam_sshauth.c

Scores

CVSS v3 9.8

EPSS 0.0036

EPSS Percentile 57.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (2)

libpam-sshauth_project/libpam-sshauth

debian/debian_linux

Timeline

Published May 06, 2016

Tracked Since Feb 18, 2026