Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201206-31
HistoryJun 25, 2012 - 12:00 a.m.

Linux-PAM: Multiple vulnerabilities

2012-06-2500:00:00
Gentoo Foundation
security.gentoo.org
13

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.2%

JSON

Background

Linux-PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes.

Description

Multiple vulnerabilities have been discovered in Linux-PAM. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could use specially crafted files to cause a buffer overflow, possibly resulting in privilege escalation or Denial of Service. Furthermore, a local attacker could execute specially crafted programs or symlink attacks, possibly resulting in data loss or disclosure of sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Linux-PAM users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.1.5"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 25, 2011. It is likely that your system is already no longer affected by this issue.

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-libs/pam< 1.1.5UNKNOWN

Related

openvas 34
nessus 34
ubuntu 3
redhat 4
oraclelinux 3
centos 2
ubuntucve 10
fedora 5
securityvulns 5
suse 6
nvd 10
prion 10
osv 1
debiancve 10
cve 10
cvelist 10
f5 2
amazon 1
debian 1
vmware 2
veracode 6
openvas
openvas
Gentoo Security Advisory GLSA 201206-31 (pam)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-31 (pam)
2012-08-10 00:00:00
Ubuntu Update for pam USN-1140-1
2011-06-06 00:00:00
nessus
nessus
GLSA-201206-31 : Linux-PAM: Multiple vulnerabilities
2012-06-26 00:00:00
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam vulnerabilities (USN-1140-1)
2011-06-13 00:00:00
RHEL 6 : pam (RHSA-2010:0891)
2010-11-18 00:00:00
ubuntu
ubuntu
PAM vulnerabilities
2011-05-30 00:00:00
PAM regression
2011-05-31 00:00:00
PAM vulnerabilities
2011-10-24 00:00:00
redhat
redhat
(RHSA-2010:0891) Moderate: pam security update
2010-11-16 00:00:00
(RHSA-2010:0819) Moderate: pam security update
2010-11-01 00:00:00
(RHSA-2013:0521) Moderate: pam security, bug fix, and enhancement update
2013-02-21 00:00:00
oraclelinux
oraclelinux
pam security update
2011-02-10 00:00:00
pam security update
2010-11-01 00:00:00
pam security, bug fix, and enhancement update
2013-02-22 00:00:00
centos
centos
pam security update
2010-11-01 21:56:05
pam security update
2013-02-27 19:37:13
ubuntucve
ubuntucve
CVE-2010-3316
2011-01-24 00:00:00
CVE-2010-3435
2011-01-24 00:00:00
CVE-2010-4706
2011-01-24 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: pam-1.1.1-6.fc14
2010-11-06 23:42:52
[SECURITY] Fedora 12 Update: pam-1.1.1-6.fc12
2010-11-17 23:16:19
[SECURITY] Fedora 13 Update: pam-1.1.1-6.fc13
2010-11-04 23:28:57
securityvulns
securityvulns
PAM authentuication modules multiple security vulnerabilities
2010-11-08 00:00:00
[ MDVSA-2010:220 ] pam
2010-11-08 00:00:00
[SECURITY] [DSA 2326-1] pam security update
2011-10-26 00:00:00
suse
suse
pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. (important)
2011-11-03 00:08:35
Security update for pam (important)
2011-11-02 23:08:31
Security update for pam (important)
2011-11-04 15:08:22
nvd
nvd
CVE-2010-3431
2011-01-24 18:00:01
CVE-2010-3430
2011-01-24 18:00:01
CVE-2010-4706
2011-01-24 19:00:01
prion
prion
Privilege escalation
2011-01-24 18:00:00
Privilege escalation
2011-01-24 18:00:00
Authentication flaw
2011-01-24 19:00:00
osv
osv
pam - several
2011-10-24 00:00:00
debiancve
debiancve
CVE-2010-3430
2011-01-24 18:00:01
CVE-2010-3431
2011-01-24 18:00:01
CVE-2010-4708
2011-01-24 19:00:02
cve
cve
CVE-2010-3431
2011-01-24 18:00:01
CVE-2010-3430
2011-01-24 18:00:01
CVE-2010-4708
2011-01-24 19:00:02
cvelist
cvelist
CVE-2010-3431
2011-01-24 17:00:00
CVE-2010-3430
2011-01-24 17:00:00
CVE-2010-4708
2011-01-24 18:00:00
f5
f5
SOL16878 - PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149
2015-07-02 00:00:00
K16878 : PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149
2015-07-02 00:00:00
amazon
amazon
Medium: pam
2013-03-02 16:48:00
debian
debian
[SECURITY] [DSA 2326-1] pam security update
2011-10-24 16:50:48
vmware
vmware
VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
2011-03-07 00:00:00
VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
2011-03-07 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:47:51
Denial Of Service (DoS)
2020-04-10 00:47:51
Denial Of Service (DoS)
2019-01-15 08:57:42

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.2%

JSON
Related for GLSA-201206-31
openvas34nessus34ubuntu3redhat4oraclelinux3centos2ubuntucve10fedora5securityvulns5suse6nvd10prion10osv1debiancve10cve10cvelist10f52amazon1debian1vmware2veracode6