Computer Security


pam buffer overflow
Published: 26.10.2011
Source:
SecurityVulns ID: 12000
Type: local
Threat Level: 6/10
Description: pam_env module buffer overflow
Affected: PAM : pam 1.1
CVE: CVE-2011-3149 (The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).)
     CVE-2011-3148 (Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.)
Original document: DEBIAN, [SECURITY] [DSA 2326-1] pam security update (26.10.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod