CVE-2006-7108
EPSS 0.08%
Description
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
How to fix CVE-2006-7108
To remediate CVE-2006-7108, upgrade the affected package to a fixed version below.
- Debian/util-linux—upgrade to 2.17.2-9 or later
Is CVE-2006-7108 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.17.2-9