CVE-2018-6558

The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...

Code injection

The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...

CVE-2018-6558

The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...

UBUNTU-CVE-2018-6558

The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...

[SECURITY] Fedora 28 Update: pam_yubico-2.26-1.fc28

This is pamyubico, a pluggable authentication module that can be used with Linux-PAM and yubikeys. This module supports yubikey OTP checking...

[SECURITY] Fedora 27 Update: pam_yubico-2.26-1.fc27

This is pamyubico, a pluggable authentication module that can be used with Linux-PAM and yubikeys. This module supports yubikey OTP checking...

Security Bulletin: Vulnerability in Linux-PAM affects PowerKVM (CVE-2015-3238)

Summary PowerKVM is affected by a vulnerability in Linux-PAM. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2015-3238 DESCRIPTION: Linux-PAM could allow a local attacker to obtain sensitive information, caused by an error in the unixrunhelperbinary function in the pamunix...

Security Bulletin: Vulnerabilities in Open Source pam affect IBM Security Identity Governance Appliance (CVE-2015-3238)

Summary Vulnerabilities in Open Source pam that is used by IBM Security Identity Governance Vulnerability Details CVEID: CVE-2015-3238 DESCRIPTION: Linux-PAM could allow a local attacker to obtain sensitive information, caused by an error in the unixrunhelperbinary function in the pamunix module...

Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-3238)

Summary Pluggable Authentication Modules PAM provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. IBM Security Access Manager for Mobile is affected by a Linux-PAM vulnerability. Vulnerability Details CVEID:...

Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Web (CVE-2015-3238)

Summary Pluggable Authentication Modules PAM provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. IBM Security Access Manager for Web is affected by a Linux-PAM vulnerability. Vulnerability Details CVEID:...

GLSA-201605-05 : Linux-PAM: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201605-05 Linux-PAM: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Linux-PAM. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause Denial of Service,...

CVE-2007-0003

pamunix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters...

F5 BIG-IP - PAM vulnerability CVE-2015-3238

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

DEBIAN-CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

Default credentials

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

CVE-2015-3238

The CVE affects the Linux-PAM pam_unix module. The _unix_run_helper_binary function, when it cannot access passwords directly, can write to a blocking pipe, allowing local users to enumerate usernames or cause a denial of service (hang). This is documented for pam before version 1.2.1. Impact is ...

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...