Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

It was discovered that the _unix_run_helper_binary() function of PAM’s
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large passwords
to the unix_pam module could use this flaw to enumerate valid user
accounts, or cause a denial of service on the system. (CVE-2015-3238)

Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs for
reporting this issue.

All pam users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
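
The blocking pipe write described above can be reproduced safely in isolation. The following is an added example, not code from PAM or from the backported patch: it shows where a write to an undrained pipe stops making progress, next to a sender that bounds its input first. The function names and the `MAX_SECRET` value are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_SECRET 512 /* assumed cap for this sketch; not a value from the advisory */

/* Offer len bytes to a pipe that nobody reads. O_NONBLOCK makes the kernel
 * return EAGAIN at the point where a blocking write() would hang forever.
 * Returns the bytes accepted before the pipe filled, or -1 on setup error. */
long fill_undrained_pipe(size_t len)
{
    int fds[2];
    char *buf = calloc(1, len);
    if (buf == NULL || pipe(fds) != 0) { free(buf); return -1; }
    if (fcntl(fds[1], F_SETFL, O_NONBLOCK) != 0) { close(fds[0]); close(fds[1]); free(buf); return -1; }
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fds[1], buf + done, len - done);
        if (n > 0) done += (size_t)n;
        else if (n < 0 && errno == EINTR) continue;
        else break; /* EAGAIN: the pipe buffer is full */
    }
    close(fds[0]); close(fds[1]); free(buf);
    return (long)done;
}

/* Bounded sender: reject oversized input before it reaches the pipe, so the
 * data always fits in an empty pipe and the write completes without a reader. */
int send_secret_bounded(int fd, const char *secret, size_t len)
{
    if (secret == NULL || len > MAX_SECRET) return -1;
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, secret + done, len - done);
        if (n > 0) done += (size_t)n;
        else if (n < 0 && errno == EINTR) continue;
        else return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: 1 MiB, well beyond the default Linux pipe buffer. */
    long accepted = fill_undrained_pipe(1 << 20);
    return (accepted > 0 && accepted < (1 << 20)) ? 0 : 1;
}
```

The gap between the bytes offered and the bytes accepted is where a caller using a blocking descriptor would stop responding until the other end reads.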
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | s390 | pam | < 1.1.8-12.el7_1.1 | pam-1.1.8-12.el7_1.1.s390.rpm |
RedHat | 7 | ppc64 | pam-devel | < 1.1.8-12.el7_1.1 | pam-devel-1.1.8-12.el7_1.1.ppc64.rpm |
RedHat | 6 | src | pam | < 1.1.1-20.el6_7.1 | pam-1.1.1-20.el6_7.1.src.rpm |
RedHat | 6 | ppc64 | pam-devel | < 1.1.1-20.el6_7.1 | pam-devel-1.1.1-20.el6_7.1.ppc64.rpm |
RedHat | 6 | x86_64 | pam | < 1.1.1-20.el6_7.1 | pam-1.1.1-20.el6_7.1.x86_64.rpm |
RedHat | 7 | s390 | pam-debuginfo | < 1.1.8-12.el7_1.1 | pam-debuginfo-1.1.8-12.el7_1.1.s390.rpm |
RedHat | 7 | ppc | pam-debuginfo | < 1.1.8-12.el7_1.1 | pam-debuginfo-1.1.8-12.el7_1.1.ppc.rpm |
RedHat | 6 | ppc64 | pam | < 1.1.1-20.el6_7.1 | pam-1.1.1-20.el6_7.1.ppc64.rpm |
RedHat | 7 | src | pam | < 1.1.8-12.el7_1.1 | pam-1.1.8-12.el7_1.1.src.rpm |
RedHat | 6 | s390x | pam | < 1.1.1-20.el6_7.1 | pam-1.1.1-20.el6_7.1.s390x.rpm |