Lucene search
HistoryJul 22, 2012 - 5:55 p.m.
CVE-2011-3149
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
Affected configurations
Node
linux-pamlinux-pamRange≤1.1.4
ORlinux-pamlinux-pamMatch0.99.1.0
ORlinux-pamlinux-pamMatch0.99.2.0
ORlinux-pamlinux-pamMatch0.99.2.1
ORlinux-pamlinux-pamMatch0.99.3.0
ORlinux-pamlinux-pamMatch0.99.4.0
ORlinux-pamlinux-pamMatch0.99.5.0
ORlinux-pamlinux-pamMatch0.99.6.0
ORlinux-pamlinux-pamMatch0.99.6.1
ORlinux-pamlinux-pamMatch0.99.6.2
ORlinux-pamlinux-pamMatch0.99.6.3
ORlinux-pamlinux-pamMatch0.99.7.0
ORlinux-pamlinux-pamMatch0.99.7.1
ORlinux-pamlinux-pamMatch0.99.8.0
ORlinux-pamlinux-pamMatch0.99.8.1
ORlinux-pamlinux-pamMatch0.99.9.0
ORlinux-pamlinux-pamMatch0.99.10.0
ORlinux-pamlinux-pamMatch1.0.0
ORlinux-pamlinux-pamMatch1.0.1
ORlinux-pamlinux-pamMatch1.0.2
ORlinux-pamlinux-pamMatch1.0.3
ORlinux-pamlinux-pamMatch1.0.4
ORlinux-pamlinux-pamMatch1.1.0
ORlinux-pamlinux-pamMatch1.1.1
ORlinux-pamlinux-pamMatch1.1.2
ORlinux-pamlinux-pamMatch1.1.3
Related
openvas
openvas
Fedora Update for pam FEDORA-2011-16390
2012-04-02 00:00:00
Fedora Update for pam FEDORA-2011-16365
2011-12-12 00:00:00
Fedora Update for pam FEDORA-2011-16365
2011-12-12 00:00:00
nessus
nessus
Fedora 15 : pam-1.1.5-1.fc15 (2011-16365)
2011-12-12 00:00:00
Fedora 16 : pam-1.1.5-1.fc16 (2011-16390)
2011-12-05 00:00:00
Scientific Linux Security Update : pam on SL6.x i386/x86_64 (20130221)
2013-03-01 00:00:00
prion
prion
Design/Logic Flaw
2012-07-22 17:55:00
cve
cve
CVE-2011-3149
2012-07-22 17:55:01
fedora
fedora
[SECURITY] Fedora 16 Update: pam-1.1.5-1.fc16
2011-12-04 02:23:38
[SECURITY] Fedora 15 Update: pam-1.1.5-1.fc15
2011-12-10 20:05:01
ubuntucve
ubuntucve
CVE-2011-3149
2011-10-24 00:00:00
debiancve
debiancve
CVE-2011-3149
2012-07-22 17:55:01
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:53:01
cvelist
cvelist
CVE-2011-3149
2012-07-22 17:00:00
osv
osv
pam - several
2011-10-24 00:00:00
oraclelinux
oraclelinux
pam security, bug fix, and enhancement update
2013-02-22 00:00:00
centos
centos
pam security update
2013-02-27 19:37:13
securityvulns
securityvulns
[SECURITY] [DSA 2326-1] pam security update
2011-10-26 00:00:00
pam buffer overflow
2011-10-26 00:00:00
f5
f5
SOL16878 - PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149
2015-07-02 00:00:00
K16878 : PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149
2015-07-02 00:00:00
amazon
amazon
Medium: pam
2013-03-02 16:48:00
debian
debian
[SECURITY] [DSA 2326-1] pam security update
2011-10-24 16:50:48
redhat
redhat
suse
suse
pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. (important)
2011-11-03 00:08:35
Security update for pam (important)
2011-11-03 00:08:24
ubuntu
ubuntu
PAM vulnerabilities
2011-10-24 00:00:00
gentoo
gentoo
Linux-PAM: Multiple vulnerabilities
2012-06-25 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for NVD:CVE-2011-3149