27 matches found
MiracleLinux 3 : pam-0.99.6.2-6.2.0.1.AXS3 (AXSA:2010-484:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-484:02 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...
Linux Distros Unpatched Vulnerability : CVE-2010-3316
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and...
RHEL 4 : pam (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pamenv and pammail accessing users' file with root privileges CVE-2010-3435 - pam: pamxauth: Does no...
RHEL 3 : pam (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pamenv and pammail accessing users' file with root privileges CVE-2010-3435 - The runcoprocess...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pam Multiple Vulnerabilities (NS-SA-2019-0198)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pam packages installed that are affected by multiple vulnerabilities: - pamunix.so in Linux-PAM 0.99.7.0 allows context- dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow,...
Oracle: Security Advisory (ELSA-2010-0891)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 : pam (ELSA-2010-0819)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0819 advisory. - fix insecure dropping of priviledges in pamxauth and pammail - CVE-2010-3316 637898, CVE-2010-3435 641335 Tenable has extracted the preceding...
Scientific Linux Security Update : pam on SL5.x i386/x86_64
It was discovered that the pamnamespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted for example, when pamnamespace was configured for setuid applications such as su or...
SuSE 10 Security Update : pam (ZYPP Patch Number 7814)
The pamenv module is vulnerable to a stack overflow CVE-2011-3148 and a DoS condition CVE-2011-3149 when parsing users .pamenvironment files. Additionally a missing return value check inside pamxauth has been fixed. CVE-2010-3316 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...
SuSE 11.1 Security Update : pam (SAT Patch Number 5342)
The pamenv module is vulnerable to a stack overflow CVE-2011-3148 and a DoS condition CVE-2011-3149 when parsing users .pamenvironment files. Additionally a missing return value check inside pamxauth has been fixed. CVE-2010-3316 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...
pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. (important)
The pamenv module is vulnerable to a stack overflow CVE-2011-3148 and a DoS condition CVE-2011-3149 when parsing users .pamenvironment files. Additionally a missing return value check inside pamxauth has been fixed CVE-2010-3316...
SuSE 10 Security Update : pam (ZYPP Patch Number 7815)
The pamenv module is vulnerable to a stack overflow CVE-2011-3148 and a DoS condition CVE-2011-3149 when parsing users .pamenvironment files. Additionally a missing return value check inside pamxauth has been fixed. CVE-2010-3316 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...
Ubuntu: Security Advisory (USN-1140-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm.
a. Service Location Protocol daemon DoS This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon SLPD. Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. VMware would like to thank Nicolas Gregoire and US CERT for reporting...
pam security update
1.1.1-4.1 - fix insecure dropping of priviledges in pamxauth, pamenv, and pammail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pamnamespace - CVE-2010-3853 643043...
CVE-2010-3316
CVE-2010-3316 affects the pam_xauth module of Linux-PAM before 1.1.2. The issue is in pam_xauth.c: the run_coprocess function does not validate the return values of setuid, setgid, and setgroups, which may allow a local attacker to read arbitrary files by exploiting the pam_xauth PAM check. The c...
CVE-2010-3316
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
Fedora Update for pam FEDORA-2010-17155
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 5 : pam (CESA-2010:0819)
Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Fedora Update for pam FEDORA-2010-17133
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...