Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27744
HistoryMar 10, 2012 - 12:00 a.m.

[USN-1395-1] PyPAM vulnerability

2012-03-1000:00:00
vulners.com
37
JSON

==========================================================================
Ubuntu Security Notice USN-1395-1
March 08, 2012

python-pam vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS

Summary:

PyPAM could be made to crash or possibly run programs if it processed
a specially crafted password.

Software Description:

  • python-pam: A Python interface to the PAM library

Details:

Markus Vervier discovered that PyPAM incorrectly handled passwords
containing NULL bytes. An attacker could exploit this to cause applications
using PyPAM to crash, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
python-pam 0.4.2-12.2ubuntu2.11.10.1

Ubuntu 11.04:
python-pam 0.4.2-12.2ubuntu2.11.04.1

Ubuntu 10.10:
python-pam 0.4.2-12.1ubuntu1.10.10.1

Ubuntu 10.04 LTS:
python-pam 0.4.2-12.1ubuntu1.10.04.1

After a standard system update you need to restart applications that use
PyPAM to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1395-1
CVE-2012-1502

Package Information:
https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.2ubuntu2.11.10.1
https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.2ubuntu2.11.04.1
https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.1ubuntu1.10.10.1
https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.1ubuntu1.10.04.1

Related

openvas 7
exploitpack 1
nessus 6
seebug 1
debiancve 1
packetstorm 1
prion 1
debian 1
gentoo 1
securityvulns 2
ubuntucve 1
ubuntu 1
cve 1
exploitdb 1
openvas
openvas
Ubuntu Update for python-pam USN-1395-1
2012-03-09 00:00:00
Debian: Security Advisory (DSA-2430-1)
2012-04-30 00:00:00
Debian Security Advisory DSA 2430-1 (python-pam)
2012-04-30 00:00:00
exploitpack
exploitpack
PyPAM Python bindings for PAM - Double-Free Corruption
2012-03-10 00:00:00
nessus
nessus
Debian DSA-2430-1 : python-pam - double free
2012-03-12 00:00:00
SuSE 10 Security Update : python-pam (ZYPP Patch Number 8031)
2012-05-30 00:00:00
SuSE 11.1 Security Update : python-pam (SAT Patch Number 6025)
2013-01-25 00:00:00
seebug
seebug
PyPAM - Python bindings for PAM - Double Free Corruption
2014-07-01 00:00:00
debiancve
debiancve
CVE-2012-1502
2012-06-16 00:55:00
packetstorm
packetstorm
PyPAM 0.4.2 Double-Free Corruption
2012-03-09 00:00:00
prion
prion
Double free
2012-06-16 00:55:00
debian
debian
[SECURITY] [DSA 2430-1] python-pam security update
2012-03-10 15:51:34
gentoo
gentoo
PyPAM: Arbitrary code execution
2015-07-09 00:00:00
securityvulns
securityvulns
LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption
2012-03-10 00:00:00
python-pam memory corruption
2012-03-10 00:00:00
ubuntucve
ubuntucve
CVE-2012-1502
2012-03-08 00:00:00
ubuntu
ubuntu
PyPAM vulnerability
2012-03-08 00:00:00
cve
cve
CVE-2012-1502
2012-06-16 00:55:00
exploitdb
exploitdb
PyPAM Python bindings for PAM - Double-Free Corruption
2012-03-10 00:00:00
JSON
Related for SECURITYVULNS:DOC:27744
openvas7exploitpack1nessus6seebug1debiancve1packetstorm1prion1debian1gentoo1securityvulns2ubuntucve1ubuntu1cve1exploitdb1