Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11150

HistoryJan 15, 2019 - 8:57 a.m.

Denial Of Service (DoS)

2019-01-1508:57:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

EPSS

0

Percentile

5.1%

pam is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

References

git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=caf5e7f61c8d9288daa49b4f61962e6b1239121d

secunia.com/advisories/46583

secunia.com/advisories/49711

security.gentoo.org/glsa/glsa-201206-31.xml

www.ubuntu.com/usn/USN-1237-1

access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/pam.html

access.redhat.com/security/updates/classification/#moderate

bugs.launchpad.net/ubuntu/+source/pam/+bug/874469

bugzilla.redhat.com/show_bug.cgi?id=588893

bugzilla.redhat.com/show_bug.cgi?id=673398

bugzilla.redhat.com/show_bug.cgi?id=723297

bugzilla.redhat.com/show_bug.cgi?id=750601

bugzilla.redhat.com/show_bug.cgi?id=811168

bugzilla.redhat.com/show_bug.cgi?id=811243

bugzilla.redhat.com/show_bug.cgi?id=815516

rhn.redhat.com/errata/RHSA-2013-0521.html

EPSS

0

Percentile

5.1%

Related for VERACODE:11150

ubuntucve1 cve1 cvelist1 prion1 nvd1 debiancve1 suse6 redhat2 nessus14 openvas12 osv1 centos1 securityvulns2 oraclelinux1 amazon1 debian1 f52 ubuntu1 gentoo1