Lucene search

Gentoo FoundationMGASA-2015-0266

HistoryJul 05, 2015 - 8:22 p.m.

Updated pam package fixes security vulnerability

2015-07-0520:22:03

Gentoo Foundation

advisories.mageia.org

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

0.006 Low

EPSS

Percentile

78.9%

JSON

If SELinux is enabled, the _unix_run_helper_binary function in Linux-PAM 1.1.8 and earlier hangs indefinitely when verifying a password of 65536 characters, which allows attackers to conduct username enumeration and denial of service attacks (CVE-2015-3238).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchpam< 1.1.8-7.2pam-1.1.8-7.2.mga4
Mageia5noarchpam< 1.1.8-10.1pam-1.1.8-10.1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	pam	< 1.1.8-7.2	pam-1.1.8-7.2.mga4
Mageia	5	noarch	pam	< 1.1.8-10.1	pam-1.1.8-10.1.mga5

References

bugs.mageia.org/show_bug.cgi?id=16212

lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for MGASA-2015-0266