29 matches found
EUVD-2015-3294
Malware in sbrugna...
Oracle Linux 9 : pam (ELSA-2024-11250)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-11250 advisory. - pam_unix: always run the helper to obtain shadow password file entries. CVE-2024-10041. Resolves: RHEL-62880 - pam_namespace: protect_dir: use O_DIRECTORY to...
Oracle Linux 8 : pam (ELSA-2024-10379)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10379 advisory. - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66242 - pam_unix: always run the helper to obtain shadow passwor...
pam:1.5.1 security update
1.5.1-22.0.1 - pam_access: clean up the remote host matching code Orabug: 36771903 - pam_limits: fix use after free in pam_sm_open_session Orabug: 36406534 1.5.1-22 - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66245 1.5.1-21 - pam_unix: always run the helper to...
RHEL 5 : pam (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: DoS/user enumeration due to blocking pipe in pam_unix module CVE-2015-3238 - The pam_userdb module for...
SUSE CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password...
Denial Of Service (DoS)
pam is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a lar...
Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Web (CVE-2015-3238)
Summary: Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. IBM Security Access Manager for Web is affected by a Linux-PAM vulnerability. Vulnerability Details CVEID:...
SUSE SLES11 Security Update : pam (SUSE-SU-2016:1645-1)
This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - CVE-2013-7041: Compare password hashes case-sensitively (bsc#854480). The update package also includes non-security fixes. See...
Ubuntu 14.04 LTS : PAM vulnerabilities (USN-2935-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2935-1 advisory. It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possib...
USN-2935-1 pam vulnerabilities
It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2013-7041 Sebastian...
CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password...
DEBIAN-CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password...
CVE-2015-3238
The CVE affects the Linux-PAM pam_unix module. The _unix_run_helper_binary function, when it cannot access passwords directly, can write to a blocking pipe, allowing local users to enumerate usernames or cause a denial of service (hang). This is documented for pam before version 1.2.1. Impact is ...
CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password...
CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password...
UBUNTU-CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password...
OracleVM 3.3 : pam (OVMSA-2015-0117)
The remote OracleVM system is missing necessary patches to address critical security updates: - fix CVE-2015-3238 - DoS due to blocking pipe with very long password - make pam_pwhistory and pam_unix tolerant of opasswd file corruption - pam_userdb: allow any crypt hash algorithm to be used 1119289 ...
Scientific Linux Security Update : pam on SL3.x i386/x86_64
A flaw was found in the way the Linux kernel handled certain SG_IO commands. Console users with access to certain device files had the ability to damage recordable CD drives. The way pam_console handled permissions of these files has been modified to disallow access. This change also required...
Mandriva Update for msec MDVA-2010:148 (msec)
Check for the Version of msec. OpenVAS Vulnerability Test: Mandriva Update for msec MDVA-2010:148 (msec). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...