RHEL 5 : pam (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: DoS/user enumeration due to blocking pipe in pamunix module CVE-2015-3238 - The pamuserdb module for...

Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Web (CVE-2015-3238)

Summary Pluggable Authentication Modules PAM provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. IBM Security Access Manager for Web is affected by a Linux-PAM vulnerability. Vulnerability Details CVEID:...

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

CVE-2015-3238

The CVE affects the Linux-PAM pam_unix module. The _unix_run_helper_binary function, when it cannot access passwords directly, can write to a blocking pipe, allowing local users to enumerate usernames or cause a denial of service (hang). This is documented for pam before version 1.2.1. Impact is ...

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

UBUNTU-CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

CVE-2009-2482

The pamunix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group...

openSUSE 10 Security Update : pam (pam-2601)

A bug in pamunix module allowed users under certain circumstances to log in although their account was locked. pamunix is not used on openSUSE by default though CVE-2007-0003. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...