CVSS2 vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
AI Score Confidence | High |
EPSS Percentile | 5.1% |

Kees Cook discovered that the PAM pam_env module incorrectly handled
certain malformed environment files. A local attacker could use this flaw
to cause a denial of service, or possibly gain privileges. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service. (CVE-2011-3148)

Kees Cook discovered that the PAM pam_env module incorrectly handled
variable expansion. A local attacker could use this flaw to cause a denial
of service. (CVE-2011-3149)

Stephane Chazelas discovered that the PAM pam_motd module incorrectly
cleaned the environment during execution of the motd scripts. In certain
environments, a local attacker could use this to execute arbitrary code
as root, and gain privileges.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | libpam-modules | < 0.99.7.1-5ubuntu6.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpam-cracklib | < 0.99.7.1-5ubuntu6.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpam0g | < 0.99.7.1-5ubuntu6.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpam0g-dev | < 0.99.7.1-5ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | libpam-modules | < 1.1.3-2ubuntu2.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libpam-cracklib | < 1.1.3-2ubuntu2.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libpam-modules-bin | < 1.1.3-2ubuntu2.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libpam0g | < 1.1.3-2ubuntu2.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libpam0g-dev | < 1.1.3-2ubuntu2.1 | UNKNOWN |
Ubuntu | 11.04 | noarch | libpam-modules | < 1.1.2-2ubuntu8.4 | UNKNOWN |