pam is vulnerable to denial of service. A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application’s PAM configuration contained user_readenv=1 (not default), a local attacker could use this flaw to cause the application to enter an infinite loop.
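
To check whether any service on a host uses the non-default option named above, the following added example (not part of the original advisory or of Linux-PAM) scans a PAM configuration directory for pam_env lines that set user_readenv=1. The function names, the /etc/pam.d default and the sample service files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit PAM service files for pam_env invoked with user_readenv=1.
# Assumption: per-service files live in one directory (default /etc/pam.d).

find_user_readenv() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            {
                line = $0
                # Join backslash-continued lines, as the PAM parser does.
                while (line ~ /\\$/) {
                    sub(/\\$/, " ", line)
                    if ((getline nxt) > 0) line = line nxt; else break
                }
                sub(/#.*/, "", line)          # ignore comments
                if (line !~ /pam_env\.so/) next
                n = split(line, tok, /[ \t]+/)
                for (i = 1; i <= n; i++)
                    if (tok[i] == "user_readenv=1") {
                        print FILENAME ": " line
                        next
                    }
            }' "$f"
    done
}

# Constructed sample service files (not taken from a real system).
make_sample() {
    printf 'session required pam_env.so user_readenv=1\n'  > "$1/sshd"
    printf 'session required pam_env.so\n'                 > "$1/login"
    printf '#session required pam_env.so user_readenv=1\n' > "$1/su"
    printf 'session required pam_env.so user_readenv=0\n'  > "$1/crond"
    printf 'session required pam_env.so \\\n    user_readenv=1\n' > "$1/vsftpd"
}

# Stand-alone run against the constructed sample.
sample=$(mktemp -d)
make_sample "$sample"
find_user_readenv "$sample"
rm -rf "$sample"
```

On a real host, call find_user_readenv with no argument or with the distribution's PAM directory. A match only shows that the option is enabled for that service, not whether the installed pam package carries the fix.
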
git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444
secunia.com/advisories/46583
secunia.com/advisories/49711
security.gentoo.org/glsa/glsa-201206-31.xml
www.ubuntu.com/usn/USN-1237-1
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/pam.html
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
bugzilla.redhat.com/show_bug.cgi?id=588893
bugzilla.redhat.com/show_bug.cgi?id=673398
bugzilla.redhat.com/show_bug.cgi?id=723297
bugzilla.redhat.com/show_bug.cgi?id=750601
bugzilla.redhat.com/show_bug.cgi?id=811168
bugzilla.redhat.com/show_bug.cgi?id=811243
bugzilla.redhat.com/show_bug.cgi?id=815516
rhn.redhat.com/errata/RHSA-2013-0521.html