467 matches found
CVE-2011-3149
The expandarg function in the pamenv module modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service CPU consumption...
DEBIAN-CVE-2011-3149
The expandarg function in the pamenv module modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service CPU consumption...
Stack overflow
Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces at the beginning of the /.pamenvironment file...
Design/Logic Flaw
The expandarg function in the pamenv module modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service CPU consumption...
CVE-2011-3148
CVE-2011-3148 affects Linux-PAM (pam_env) before 1.1.5. The stack-based buffer overflow occurs in the _assemble_line function when parsing a long string of spaces at the beginning of ~/.pam_environment, enabling local users to crash the PAM process and potentially execute arbitrary code. Connecte...
CVE-2011-3148
Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces at the beginning of the /.pamenvironment file...
CVE-2011-3149
The expandarg function in the pamenv module modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service CPU consumption...
CVE-2011-3148
Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces at the beginning of the /.pamenvironment file...
CVE-2011-3149
The expandarg function in the pamenv module modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service CPU consumption...
CVE-2011-3149
The vulnerability CVE-2011-3149 affects the pam_env module of Linux-PAM (pam) up to version before 1.1.5. The root cause is improper handling of environment variable expansion, which can overflow and allow a local attacker to cause a denial of service via CPU consumption. Affected component is pa...
GLSA-201206-31 : Linux-PAM: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201206-31 Linux-PAM: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Linux-PAM. Please review the CVE identifiers referenced below for details. Impact : A local attacker could use specially crafted files ...
Linux-PAM: Multiple vulnerabilities
Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in Linux-PAM. Please...
[SECURITY] Fedora 16 Update: pam_yubico-2.8-1.fc16
This is pamyubico, a pluggable authentication module that can be used with Linux-PAM and yubikeys. This module supports yubikey OTP checking...
CVE-2011-3148
Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces at the beginning of the /.pamenvironment file...
CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
DEBIAN-CVE-2010-4708
The pamenv module in Linux-PAM aka pam 1.1.2 and earlier reads the .pamenvironment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pamenv PAM check...
DEBIAN-CVE-2010-4707
The checkacl function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service resource consumption via a special file...
CVE-2010-4707
The checkacl function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service resource consumption via a special file...
CVE-2010-4706
The pamsmclosesession function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pamxauth PAM check...