{"f5": [{"lastseen": "2017-10-12T02:11:17", "bulletinFamily": "software", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "edition": 1, "description": "Description \n\n\n * [CVE-2011-3148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3148>) \n \nStack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.\n * [CVE-2011-3149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3149>) \n \nThe _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). \n\n\nImpact \n\n\nThere is no impact; F5 products are not affected by this vulnerability.\n\nStatus\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 11.0.0 - 11.6.0, 10.0.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | Not vulnerable | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 | Not vulnerable | None \nBIG-IP APM | None | 11.0.0 - 11.6.0, 10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0, 10.0.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0, 10.1.0 - 10.2.4 | Not vulnerable | None \n
BIG-IP GTM | None | 11.0.0 - 11.6.0, 10.0.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 11.0.0 - 11.6.0, 10.0.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0, 6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0, 3.3.2 - 3.5.1 | Not vulnerable | None \n\n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. 
Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2016-01-09T02:22:00", "published": "2015-07-03T00:43:00", "href": "https://support.f5.com/csp/article/K16878", "id": "F5:K16878", "type": "f5", "title": "PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:10", "bulletinFamily": "software", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. 
Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16878.html", "id": "SOL16878", "title": "SOL16878 - PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149", "type": "f5", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:14:44", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2010-3316", "CVE-2011-3148"], "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n\n", "edition": 1, "modified": "2011-11-03T00:08:35", "published": "2011-11-03T00:08:35", "id": "OPENSUSE-SU-2011:1208-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00005.html", "type": "suse", "title": "pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. 
(important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:14:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2010-3316", "CVE-2011-3148"], "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "edition": 1, "modified": "2011-11-02T23:08:31", "published": "2011-11-02T23:08:31", "id": "SUSE-SU-2011:1205-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00003.html", "title": "Security update for pam (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2010-3316", "CVE-2011-3148"], "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "edition": 1, "modified": "2011-11-03T00:08:24", "published": "2011-11-03T00:08:24", "id": "SUSE-SU-2011:1207-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00004.html", "type": "suse", "title": "Security update for pam (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-04-13T00:53:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2010-3316", "CVE-2011-3148"], "description": "The pam_env module was vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. 
Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "edition": 1, "modified": "2011-11-04T15:08:22", "published": "2011-11-04T15:08:22", "id": "SUSE-SU-2011:1218-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00010.html", "type": "suse", "title": "Security update for pam (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2010-3316", "CVE-2011-3148"], "description": "The pam_env module is vulnerable to a stack overflow\n (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when\n parsing users .pam_environment files. Additionally a\n missing return value check inside pam_xauth has been fixed\n (CVE-2010-3316).\n", "edition": 1, "modified": "2011-11-03T00:08:45", "published": "2011-11-03T00:08:45", "id": "SUSE-SU-2011:1209-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00006.html", "type": "suse", "title": "Security update for pam (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T19:39:09", "description": "Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.", "edition": 5, "cvss3": {}, "published": "2012-07-22T17:55:00", "title": "CVE-2011-3148", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": 
"PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3148"], "modified": "2019-01-03T15:01:00", "cpe": ["cpe:/a:linux-pam:linux-pam:0.99.6.2", "cpe:/a:linux-pam:linux-pam:1.1.1", "cpe:/a:linux-pam:linux-pam:0.99.2.0", "cpe:/a:linux-pam:linux-pam:1.1.2", "cpe:/a:linux-pam:linux-pam:1.1.0", "cpe:/a:linux-pam:linux-pam:0.99.5.0", "cpe:/a:linux-pam:linux-pam:0.99.9.0", "cpe:/a:linux-pam:linux-pam:0.99.8.1", "cpe:/a:linux-pam:linux-pam:0.99.8.0", "cpe:/a:linux-pam:linux-pam:0.99.3.0", "cpe:/a:linux-pam:linux-pam:0.99.1.0", "cpe:/a:linux-pam:linux-pam:0.99.6.0", "cpe:/a:linux-pam:linux-pam:1.0.4", "cpe:/a:linux-pam:linux-pam:0.99.6.3", "cpe:/a:linux-pam:linux-pam:0.99.4.0", "cpe:/a:linux-pam:linux-pam:0.99.7.1", "cpe:/a:linux-pam:linux-pam:0.99.7.0", "cpe:/a:linux-pam:linux-pam:1.1.4", "cpe:/a:linux-pam:linux-pam:1.0.1", "cpe:/a:linux-pam:linux-pam:1.1.3", "cpe:/a:linux-pam:linux-pam:0.99.2.1", "cpe:/a:linux-pam:linux-pam:0.99.10.0", "cpe:/a:linux-pam:linux-pam:0.99.6.1", "cpe:/a:linux-pam:linux-pam:1.0.2", "cpe:/a:linux-pam:linux-pam:1.0.3", "cpe:/a:linux-pam:linux-pam:1.0.0"], "id": "CVE-2011-3148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3148", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:09", "description": "The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).", "edition": 5, "cvss3": {}, "published": "2012-07-22T17:55:00", "title": "CVE-2011-3149", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3149"], "modified": "2019-01-03T15:01:00", "cpe": ["cpe:/a:linux-pam:linux-pam:0.99.6.2", "cpe:/a:linux-pam:linux-pam:1.1.1", "cpe:/a:linux-pam:linux-pam:0.99.2.0", 
"cpe:/a:linux-pam:linux-pam:1.1.2", "cpe:/a:linux-pam:linux-pam:1.1.0", "cpe:/a:linux-pam:linux-pam:0.99.5.0", "cpe:/a:linux-pam:linux-pam:0.99.9.0", "cpe:/a:linux-pam:linux-pam:0.99.8.1", "cpe:/a:linux-pam:linux-pam:0.99.8.0", "cpe:/a:linux-pam:linux-pam:0.99.3.0", "cpe:/a:linux-pam:linux-pam:0.99.1.0", "cpe:/a:linux-pam:linux-pam:0.99.6.0", "cpe:/a:linux-pam:linux-pam:1.0.4", "cpe:/a:linux-pam:linux-pam:0.99.6.3", "cpe:/a:linux-pam:linux-pam:0.99.4.0", "cpe:/a:linux-pam:linux-pam:0.99.7.1", "cpe:/a:linux-pam:linux-pam:0.99.7.0", "cpe:/a:linux-pam:linux-pam:1.1.4", "cpe:/a:linux-pam:linux-pam:1.0.1", "cpe:/a:linux-pam:linux-pam:1.1.3", "cpe:/a:linux-pam:linux-pam:0.99.2.1", "cpe:/a:linux-pam:linux-pam:0.99.10.0", "cpe:/a:linux-pam:linux-pam:0.99.6.1", "cpe:/a:linux-pam:linux-pam:1.0.2", "cpe:/a:linux-pam:linux-pam:1.0.3", "cpe:/a:linux-pam:linux-pam:1.0.0"], "id": "CVE-2011-3149", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3149", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:linux-pam:linux-pam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "The remote host is missing an update to pam\nannounced via advisory DSA 2326-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070541", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070541", "type": "openvas", "title": "Debian Security Advisory DSA 2326-1 (pam)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2326_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2326-1 (pam)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70541\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:26:19 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2326-1 (pam)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202326-1\");\n script_tag(name:\"insight\", value:\"Kees Cook of the ChromeOS security team discovered a buffer overflow\nin pam_env, a PAM module to set environment variables through the\nPAM stack, which allowed the execution of arbitrary code. 
An additional\nissue in argument parsing allows denial of service.\n\nThe oldstable distribution (lenny) is not affected.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.1-6.1+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon\n(the impact in sid is limited to denial of service for both issues)\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your pam packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to pam\nannounced via advisory DSA 2326-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:09:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "Check for the Version of pam", "modified": "2018-01-17T00:00:00", "published": "2013-02-22T00:00:00", "id": "OPENVAS:870934", "href": "http://plugins.openvas.org/nasl.php?oid=870934", 
"type": "openvas", "title": "RedHat Update for pam RHSA-2013:0521-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pam RHSA-2013:0521-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pluggable Authentication Modules (PAM) provide a system whereby\n administrators can set up authentication policies without having to\n recompile programs to handle authentication.\n\n A stack-based buffer overflow flaw was found in the way the pam_env module\n parsed users ~/.pam_environment files. If an application's PAM\n configuration contained user_readenv=1 (this is not the default), a\n local attacker could use this flaw to crash the application or, possibly,\n escalate their privileges. (CVE-2011-3148)\n\n A denial of service flaw was found in the way the pam_env module expanded\n certain environment variables. 
If an application's PAM configuration\n contained user_readenv=1 (this is not the default), a local attacker\n could use this flaw to cause the application to enter an infinite loop.\n (CVE-2011-3149)\n\n Red Hat would like to thank Kees Cook of the Google ChromeOS Team for\n reporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\n These updated pam packages include numerous bug fixes and enhancements.\n Space precludes documenting all of these changes in this advisory. Users\n are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked\n to in the References, for information on the most significant of these\n changes.\n\n All pam users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues and add these\n enhancements.\";\n\n\ntag_affected = \"pam on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00060.html\");\n script_id(870934);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:19 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_bugtraq_id(50343);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0521-02\");\n script_name(\"RedHat Update for pam RHSA-2013:0521-02\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-debuginfo\", rpm:\"pam-debuginfo~1.1.1~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~1.1.1~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881657", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881657", "type": "openvas", "title": "CentOS Update for pam CESA-2013:0521 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for pam CESA-2013:0521 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019462.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881657\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:01:03 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0521\");\n script_name(\"CentOS Update for pam CESA-2013:0521 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pam'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"pam on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated 
packages.\");\n script_tag(name:\"insight\", value:\"Pluggable Authentication Modules (PAM) provide a system whereby\n administrators can set up authentication policies without having to\n recompile programs to handle authentication.\n\n A stack-based buffer overflow flaw was found in the way the pam_env module\n parsed users' '~/.pam_environment' files. If an application's PAM\n configuration contained 'user_readenv=1' (this is not the default), a\n local attacker could use this flaw to crash the application or, possibly,\n escalate their privileges. (CVE-2011-3148)\n\n A denial of service flaw was found in the way the pam_env module expanded\n certain environment variables. If an application's PAM configuration\n contained 'user_readenv=1' (this is not the default), a local attacker\n could use this flaw to cause the application to enter an infinite loop.\n (CVE-2011-3149)\n\n Red Hat would like to thank Kees Cook of the Google ChromeOS Team for\n reporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\n These updated pam packages include numerous bug fixes and enhancements.\n Space precludes documenting all of these changes in this advisory. 
Users\n are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked\n to in the References, for information on the most significant of these\n changes.\n\n All pam users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues and add these\n enhancements.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~13.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~1.1.1~13.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-02-22T00:00:00", "id": "OPENVAS:1361412562310870934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870934", "type": "openvas", "title": "RedHat Update for pam RHSA-2013:0521-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pam RHSA-2013:0521-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00060.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870934\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:19 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_bugtraq_id(50343);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2013:0521-02\");\n script_name(\"RedHat Update for pam RHSA-2013:0521-02\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pam'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"pam on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Pluggable Authentication Modules (PAM) provide a system whereby\n administrators can set up authentication policies without having to\n recompile programs to handle authentication.\n\n A stack-based buffer overflow flaw was found in the way the pam_env module\n parsed users ~/.pam_environment files. If an application's PAM\n configuration contained user_readenv=1 (this is not the default), a\n local attacker could use this flaw to crash the application or, possibly,\n escalate their privileges. (CVE-2011-3148)\n\n A denial of service flaw was found in the way the pam_env module expanded\n certain environment variables. If an application's PAM configuration\n contained user_readenv=1 (this is not the default), a local attacker\n could use this flaw to cause the application to enter an infinite loop.\n (CVE-2011-3149)\n\n Red Hat would like to thank Kees Cook of the Google ChromeOS Team for\n reporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\n These updated pam packages include numerous bug fixes and enhancements.\n Space precludes documenting all of these changes in this advisory. 
Users\n are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked\n to in the References, for information on the most significant of these\n changes.\n\n All pam users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues and add these\n enhancements.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-debuginfo\", rpm:\"pam-debuginfo~1.1.1~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~1.1.1~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:52:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "Check for the Version of pam", "modified": "2017-07-10T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:881657", "href": "http://plugins.openvas.org/nasl.php?oid=881657", "type": "openvas", "title": "CentOS Update for pam CESA-2013:0521 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for pam CESA-2013:0521 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pluggable Authentication Modules (PAM) provide a system whereby\n administrators can set up authentication policies without having to\n recompile programs to handle authentication.\n\n A stack-based buffer overflow flaw was found in the way the pam_env module\n parsed users' '~/.pam_environment' files. If an application's PAM\n configuration contained 'user_readenv=1' (this is not the default), a\n local attacker could use this flaw to crash the application or, possibly,\n escalate their privileges. (CVE-2011-3148)\n \n A denial of service flaw was found in the way the pam_env module expanded\n certain environment variables. If an application's PAM configuration\n contained 'user_readenv=1' (this is not the default), a local attacker\n could use this flaw to cause the application to enter an infinite loop.\n (CVE-2011-3149)\n \n Red Hat would like to thank Kees Cook of the Google ChromeOS Team for\n reporting the CVE-2011-3148 and CVE-2011-3149 issues.\n \n These updated pam packages include numerous bug fixes and enhancements.\n Space precludes documenting all of these changes in this advisory. 
Users\n are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked\n to in the References, for information on the most significant of these\n changes.\n \n All pam users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues and add these\n enhancements.\";\n\n\ntag_affected = \"pam on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019462.html\");\n script_id(881657);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:01:03 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0521\");\n script_name(\"CentOS Update for pam CESA-2013:0521 centos6 \");\n\n script_summary(\"Check for the Version of pam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~13.el6\", 
rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~1.1.1~13.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "The remote host is missing an update to pam\nannounced via advisory DSA 2326-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70541", "href": "http://plugins.openvas.org/nasl.php?oid=70541", "type": "openvas", "title": "Debian Security Advisory DSA 2326-1 (pam)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2326_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2326-1 (pam)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kees Cook of the ChromeOS security team discovered a buffer overflow\nin pam_env, a PAM module to set environment variables through the\nPAM stack, which allowed the execution of arbitrary code. An additional\nissue in argument parsing allows denial of service.\n\nThe oldstable distribution (lenny) is not affected.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.1-6.1+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon\n(the impact in sid is limited to denial of service for both issues)\n\nWe recommend that you upgrade your pam packages.\";\ntag_summary = \"The remote host is missing an update to pam\nannounced via advisory DSA 2326-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202326-1\";\n\nif(description)\n{\n script_id(70541);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:26:19 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2326-1 (pam)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpam-cracklib\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-doc\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-runtime\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam0g\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam0g-dev\", ver:\"1.1.1-6.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:01:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120393", "type": "openvas", "title": "Amazon Linux: Security Advisory 
(ALAS-2013-160)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120393\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:25:19 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-160)\");\n script_tag(name:\"insight\", value:\"A stack-based buffer overflow flaw was found in the way the pam_env module parsed users' ~/.pam_environment files. If an application's PAM configuration contained user_readenv=1 (this is not the default), a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. (CVE-2011-3148 )A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application's PAM configuration contained user_readenv=1 (this is not the default), a local attacker could use this flaw to cause the application to enter an infinite loop. 
(CVE-2011-3149 )\");\n script_tag(name:\"solution\", value:\"Run yum update pam to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-160.html\");\n script_cve_id(\"CVE-2011-3149\", \"CVE-2011-3148\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"pam-debuginfo\", rpm:\"pam-debuginfo~1.1.1~13.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~13.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~1.1.1~13.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "Oracle Linux Local Security Checks ELSA-2013-0521", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123701", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310123701", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0521.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123701\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:25 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0521\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0521 - pam security, bug fix, and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0521\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0521.html\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~1.1.1~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~1.1.1~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:27:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3628", "CVE-2011-3148"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1237-1", "modified": "2017-12-01T00:00:00", "published": "2011-10-31T00:00:00", "id": "OPENVAS:840794", "href": "http://plugins.openvas.org/nasl.php?oid=840794", "type": "openvas", "title": "Ubuntu Update for pam USN-1237-1", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1237_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for pam USN-1237-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kees Cook discovered that the PAM pam_env module incorrectly handled\n certain malformed environment files. A local attacker could use this flaw\n to cause a denial of service, or possibly gain privileges. The default\n compiler options for affected releases should reduce the vulnerability to a\n denial of service. (CVE-2011-3148)\n\n Kees Cook discovered that the PAM pam_env module incorrectly handled\n variable expansion. A local attacker could use this flaw to cause a denial\n of service. (CVE-2011-3149)\n \n Stephane Chazelas discovered that the PAM pam_motd module incorrectly\n cleaned the environment during execution of the motd scripts. 
In certain\n environments, a local attacker could use this to execute arbitrary code\n as root, and gain privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1237-1\";\ntag_affected = \"pam on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1237-1/\");\n script_id(840794);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_xref(name: \"USN\", value: \"1237-1\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\", \"CVE-2011-3628\");\n script_name(\"Ubuntu Update for pam USN-1237-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-4ubuntu2.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-2ubuntu5.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.2-2ubuntu8.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"0.99.7.1-5ubuntu6.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3628", "CVE-2011-3148"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1237-1", "modified": "2019-03-13T00:00:00", "published": "2011-10-31T00:00:00", "id": "OPENVAS:1361412562310840794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840794", "type": "openvas", "title": "Ubuntu Update for pam USN-1237-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1237_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for pam USN-1237-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1237-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840794\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_xref(name:\"USN\", value:\"1237-1\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\", \"CVE-2011-3628\");\n script_name(\"Ubuntu Update for pam USN-1237-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1237-1\");\n script_tag(name:\"affected\", value:\"pam on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Kees Cook discovered that the PAM pam_env module incorrectly handled\n 
certain malformed environment files. A local attacker could use this flaw\n to cause a denial of service, or possibly gain privileges. The default\n compiler options for affected releases should reduce the vulnerability to a\n denial of service. (CVE-2011-3148)\n\n Kees Cook discovered that the PAM pam_env module incorrectly handled\n variable expansion. A local attacker could use this flaw to cause a denial\n of service. (CVE-2011-3149)\n\n Stephane Chazelas discovered that the PAM pam_motd module incorrectly\n cleaned the environment during execution of the motd scripts. In certain\n environments, a local attacker could use this to execute arbitrary code\n as root, and gain privileges.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-4ubuntu2.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.1-2ubuntu5.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"1.1.2-2ubuntu8.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpam-modules\", ver:\"0.99.7.1-5ubuntu6.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": 
"AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-10-30T13:20:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0521\n\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env module\nparsed users' \"~/.pam_environment\" files. If an application's PAM\nconfiguration contained \"user_readenv=1\" (this is not the default), a\nlocal attacker could use this flaw to crash the application or, possibly,\nescalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module expanded\ncertain environment variables. If an application's PAM configuration\ncontained \"user_readenv=1\" (this is not the default), a local attacker\ncould use this flaw to cause the application to enter an infinite loop.\n(CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and enhancements.\nSpace precludes documenting all of these changes in this advisory. 
Users\nare directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked\nto in the References, for information on the most significant of these\nchanges.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031500.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/006853.html\n\n**Affected packages:**\npam\npam-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0521.html", "edition": 7, "modified": "2013-03-09T00:42:20", "published": "2013-02-27T19:37:13", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-February/006853.html", "id": "CESA-2013:0521", "title": "pam security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3148", "CVE-2011-3149"], "description": "Pluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env module\nparsed users' \"~/.pam_environment\" files. If an application's PAM\nconfiguration contained \"user_readenv=1\" (this is not the default), a\nlocal attacker could use this flaw to crash the application or, possibly,\nescalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module expanded\ncertain environment variables. 
If an application's PAM configuration\ncontained \"user_readenv=1\" (this is not the default), a local attacker\ncould use this flaw to cause the application to enter an infinite loop.\n(CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and enhancements.\nSpace precludes documenting all of these changes in this advisory. Users\nare directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked\nto in the References, for information on the most significant of these\nchanges.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n", "modified": "2018-06-06T20:24:08", "published": "2013-02-21T05:00:00", "id": "RHSA-2013:0521", "href": "https://access.redhat.com/errata/RHSA-2013:0521", "type": "redhat", "title": "(RHSA-2013:0521) Moderate: pam security, bug fix, and enhancement update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:57", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3148", "CVE-2011-3149", "CVE-2011-4355", "CVE-2012-3411", "CVE-2012-3955", "CVE-2012-4508", "CVE-2012-4542", "CVE-2012-5536", "CVE-2013-0157", "CVE-2013-0190", "CVE-2013-0309", "CVE-2013-0310", "CVE-2013-0311"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. 
It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way the vhost kernel module handled descriptors\nthat spanned multiple regions. A privileged guest user could use this flaw\nto crash the host or, potentially, escalate their privileges on the host.\n(CVE-2013-0311)\n\nIt was found that the default SCSI command filter does not accommodate\ncommands that overlap across device classes. A privileged guest user could\npotentially use this flaw to write arbitrary data to a LUN that is\npassed-through as read-only. (CVE-2012-4542)\n\nIt was discovered that dnsmasq, when used in combination with certain\nlibvirtd configurations, could incorrectly process network packets from\nnetwork interfaces that were intended to be prohibited. A remote,\nunauthenticated attacker could exploit this flaw to cause a denial of\nservice via DNS amplification attacks. (CVE-2012-3411)\n\nThe CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.\n\nThis updated package provides updated components that include fixes for\nseveral security issues. These issues had no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. 
The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-3955 (dhcp issue)\n\nCVE-2011-4355 (gdb issue)\n\nCVE-2012-4508, CVE-2013-0190, CVE-2013-0309, and CVE-2013-0310 (kernel\nissues)\n\nCVE-2012-5536 (openssh issue)\n\nCVE-2011-3148 and CVE-2011-3149 (pam issues)\n\nCVE-2013-0157 (util-linux-ng issue)\n\nThis updated Red Hat Enterprise Virtualization Hypervisor package also\nfixes the following bugs:\n\n* Previously, the Administration Portal would always display the option to\nupgrade the Red Hat Enterprise Virtualization Hypervisor ISO regardless of\nwhether or not the selected host was up-to-date. Now, the VDSM version\ncompatibility is considered and the upgrade message only displays if there\nis an upgrade relevant to the host available. (BZ#853092)\n\n* An out of date version of libvirt was included in the Red Hat Enterprise\nVirtualization Hypervisor 6.4 package. As a result, virtual machines with\nsupported CPU models were not being properly parsed by libvirt and failed\nto start. A more recent version of libvirt has been included in this\nupdated hypervisor package. Virtual machines now start normally.\n(BZ#895078)\n\nAs well, this update adds the following enhancement:\n\n* Hypervisor packages now take advantage of the installonlypkg function\nprovided by yum. This allows for multiple versions of the hypervisor\npackage to be installed on a system concurrently without making changes to\nthe yum configuration as was previously required. 
(BZ#863579)\n\nThis update includes the ovirt-node build from RHBA-2013:0556:\n\n https://rhn.redhat.com/errata/RHBA-2013-0556.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues and adds this\nenhancement.\n", "modified": "2018-06-07T08:59:40", "published": "2013-02-28T05:00:00", "id": "RHSA-2013:0579", "href": "https://access.redhat.com/errata/RHSA-2013:0579", "type": "redhat", "title": "(RHSA-2013:0579) Important: rhev-hypervisor6 security, bug fix, and enhancement update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "[1.1.1-13]\n- fix environment file handling problems - CVE-2011-3148 (#746619) and\n CVE-2011-3148 (#746620)\n[1.1.1-12]\n- add character sequence test to pam_cracklib\n- drop unused difignore option from pam_cracklib (#811243)\n- add enforce_for_root option to pam_cracklib (#588893)\n- mention limits.d in the limits.conf(5) manpage (#723297)\n- add ability to lock out inactive accounts to pam_lastlog\n- fix require_selinux option in pam_namespace (#750601)\n- add mntopts flag for tmpfs polyinstantiation method\n- preserve authtok_type in pam_get_authtok() (#811168)\n- fix username mismatch in pam_unix remember feature (#815516)\n- relax restriction of root in pam_pwhistory\n- relax soft nproc limit for root in 90-nproc.conf\n[1.1.1-11]\n- additional password checks in pam_cracklib", "edition": 4, "modified": "2013-02-22T00:00:00", "published": "2013-02-22T00:00:00", "id": "ELSA-2013-0521", "href": "http://linux.oracle.com/errata/ELSA-2013-0521.html", "title": "pam security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": 
["CVE-2011-3149", "CVE-2011-3148"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2326-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nOctober 24, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : pam\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-3148 CVE-2011-3149 \r\n\r\nKees Cook of the ChromeOS security team discovered a buffer overflow\r\nin pam_env, a PAM module to set environment variables through the\r\nPAM stack, which allowed the execution of arbitrary code. An additional\r\nissue in argument parsing allows denial of service.\r\n\r\nThe oldstable distribution (lenny) is not affected.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.1.1-6.1+squeeze1.\r\n\r\nFor the unstable distribution (sid), this problem will be fixed soon\r\n(the impact in sid is limited to denial of service for both issues)\r\n\r\nWe recommend that you upgrade your pam packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk6llzAACgkQXm3vHE4uylrMdQCgybIK5IM7aJpoURrNLDHzXG3Y\r\n9gQAoLzLpV8XK+RirEODVs5P4ZcFzztx\r\n=OMIe\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-10-26T00:00:00", "published": "2011-10-26T00:00:00", "id": "SECURITYVULNS:DOC:27215", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27215", "title": "[SECURITY] [DSA 2326-1] pam security update", "type": "securityvulns", "cvss": {"score": 4.6, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "pam_env module buffer overflow", "edition": 1, "modified": "2011-10-26T00:00:00", "published": "2011-10-26T00:00:00", "id": "SECURITYVULNS:VULN:12000", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12000", "title": "pam buffer overflow", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:37:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "**Issue Overview:**\n\nA stack-based buffer overflow flaw was found in the way the pam_env module parsed users' \"~/.pam_environment\" files. If an application's PAM configuration contained \"user_readenv=1\" (this is not the default), a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. ([CVE-2011-3148 __](<https://access.redhat.com/security/cve/CVE-2011-3148>))\n\nA denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application's PAM configuration contained \"user_readenv=1\" (this is not the default), a local attacker could use this flaw to cause the application to enter an infinite loop. 
([CVE-2011-3149 __](<https://access.redhat.com/security/cve/CVE-2011-3149>))\n\n \n**Affected Packages:** \n\n\npam\n\n \n**Issue Correction:** \nRun _yum update pam_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n pam-debuginfo-1.1.1-13.20.amzn1.i686 \n pam-1.1.1-13.20.amzn1.i686 \n pam-devel-1.1.1-13.20.amzn1.i686 \n \n src: \n pam-1.1.1-13.20.amzn1.src \n \n x86_64: \n pam-1.1.1-13.20.amzn1.x86_64 \n pam-debuginfo-1.1.1-13.20.amzn1.x86_64 \n pam-devel-1.1.1-13.20.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-03-02T16:48:00", "published": "2013-03-02T16:48:00", "id": "ALAS-2013-160", "href": "https://alas.aws.amazon.com/ALAS-2013-160.html", "title": "Medium: pam", "type": "amazon", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:28:02", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2326-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 24, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pam\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3148 CVE-2011-3149 \n\nKees Cook of the ChromeOS security team discovered a buffer overflow\nin pam_env, a PAM module to set environment variables through the\nPAM stack, which allowed the execution of arbitrary code. 
An additional\nissue in argument parsing allows denial of service.\n\nThe oldstable distribution (lenny) is not affected.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.1-6.1+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon\n(the impact in sid is limited to denial of service for both issues)\n\nWe recommend that you upgrade your pam packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-10-24T17:06:11", "published": "2011-10-24T17:06:11", "id": "DEBIAN:DSA-2326-1:3D06A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00202.html", "title": "[SECURITY] [DSA 2326-1] pam security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-09-25T09:14:38", "description": "Updated pam packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. 
If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "edition": 25, "published": "2013-02-21T00:00:00", "title": "RHEL 6 : pam (RHSA-2013:0521)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "modified": "2013-02-21T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pam-devel", "p-cpe:/a:redhat:enterprise_linux:pam-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:pam"], "id": "REDHAT-RHSA-2013-0521.NASL", "href": "https://www.tenable.com/plugins/nessus/64768", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0521. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64768);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_xref(name:\"RHSA\", value:\"2013:0521\");\n\n script_name(english:\"RHEL 6 : pam (RHSA-2013:0521)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pam packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. 
(CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3148\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam, pam-debuginfo and / or pam-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0521\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"pam-1.1.1-13.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"pam-debuginfo-1.1.1-13.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"pam-devel-1.1.1-13.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-debuginfo / pam-devel\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:20", "description": "A stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. 
(CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)", "edition": 24, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : pam (ALAS-2013-160)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:pam", "p-cpe:/a:amazon:linux:pam-devel", "p-cpe:/a:amazon:linux:pam-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-160.NASL", "href": "https://www.tenable.com/plugins/nessus/69719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-160.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69719);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_xref(name:\"ALAS\", value:\"2013-160\");\n script_xref(name:\"RHSA\", value:\"2013:0521\");\n\n script_name(english:\"Amazon Linux AMI : pam (ALAS-2013-160)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. 
(CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-160.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update pam' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif 
(isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"pam-1.1.1-13.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"pam-debuginfo-1.1.1-13.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"pam-devel-1.1.1-13.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-debuginfo / pam-devel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:56:44", "description": "The pam_env module is vulnerable to a stack overflow (CVE-2011-3148)\nand a DoS condition (CVE-2011-3149) when parsing users\n.pam_environment files.", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : pam (openSUSE-SU-2011:1204-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pam-debuginfo", "p-cpe:/a:novell:opensuse:pam-devel-32bit", "p-cpe:/a:novell:opensuse:pam-debugsource", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:pam-32bit", "p-cpe:/a:novell:opensuse:pam-devel", "p-cpe:/a:novell:opensuse:pam-debuginfo-32bit", "p-cpe:/a:novell:opensuse:pam"], "id": "SUSE_11_4_PAM-111025.NASL", "href": "https://www.tenable.com/plugins/nessus/75991", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE 
Security Update pam-5330.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75991);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n\n script_name(english:\"openSUSE Security Update : pam (openSUSE-SU-2011:1204-1)\");\n script_summary(english:\"Check for the pam-5330 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The pam_env module is vulnerable to a stack overflow (CVE-2011-3148)\nand a DoS condition (CVE-2011-3149) when parsing users\n.pam_environment files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00002.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-1.1.3-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-debuginfo-1.1.3-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-debugsource-1.1.3-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-devel-1.1.3-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pam-32bit-1.1.3-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pam-debuginfo-32bit-1.1.3-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pam-devel-32bit-1.1.3-4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T09:49:57", "description": "A stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)", "edition": 15, "published": "2013-03-01T00:00:00", "title": "Scientific Linux Security Update : pam on SL6.x i386/x86_64 (20130221)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "modified": "2013-03-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:pam", "p-cpe:/a:fermilab:scientific_linux:pam-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:pam-devel"], "id": "SL_20130221_PAM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/64955", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64955);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n\n script_name(english:\"Scientific Linux Security Update : pam on 
SL6.x i386/x86_64 (20130221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=5405\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16ca78d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam, pam-debuginfo and / or pam-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"pam-1.1.1-13.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pam-debuginfo-1.1.1-13.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pam-devel-1.1.1-13.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-debuginfo / pam-devel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:28:33", "description": "Updated pam packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. 
If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "edition": 25, "published": "2013-03-10T00:00:00", "title": "CentOS 6 : pam (CESA-2013:0521)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "modified": "2013-03-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:pam-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:pam"], "id": "CENTOS_RHSA-2013-0521.NASL", "href": "https://www.tenable.com/plugins/nessus/65152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0521 and \n# CentOS Errata and Security Advisory 2013:0521 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65152);\n script_version(\"1.9\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_bugtraq_id(50343);\n script_xref(name:\"RHSA\", value:\"2013:0521\");\n\n script_name(english:\"CentOS 6 : pam (CESA-2013:0521)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pam packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. 
(CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019462.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a66dcc2d\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000653.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c91523f5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"pam-1.1.1-13.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pam-devel-1.1.1-13.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T08:55:42", "description": "From Red Hat Security Advisory 2013:0521 :\n\nUpdated pam packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. 
Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : pam (ELSA-2013-0521)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:pam", "p-cpe:/a:oracle:linux:pam-devel"], "id": "ORACLELINUX_ELSA-2013-0521.NASL", "href": "https://www.tenable.com/plugins/nessus/68757", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0521 and \n# Oracle Linux Security Advisory ELSA-2013-0521 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68757);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_bugtraq_id(50343);\n script_xref(name:\"RHSA\", value:\"2013:0521\");\n\n script_name(english:\"Oracle Linux 6 : pam (ELSA-2013-0521)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0521 :\n\nUpdated pam packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs to handle authentication.\n\nA stack-based buffer overflow flaw was found in the way the pam_env\nmodule parsed users' '~/.pam_environment' files. If an application's\nPAM configuration contained 'user_readenv=1' (this is not the\ndefault), a local attacker could use this flaw to crash the\napplication or, possibly, escalate their privileges. (CVE-2011-3148)\n\nA denial of service flaw was found in the way the pam_env module\nexpanded certain environment variables. If an application's PAM\nconfiguration contained 'user_readenv=1' (this is not the default), a\nlocal attacker could use this flaw to cause the application to enter\nan infinite loop. (CVE-2011-3149)\n\nRed Hat would like to thank Kees Cook of the Google ChromeOS Team for\nreporting the CVE-2011-3148 and CVE-2011-3149 issues.\n\nThese updated pam packages include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. 
Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll pam users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003283.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"pam-1.1.1-13.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"pam-devel-1.1.1-13.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:05", "description": "Kees Cook of the ChromeOS security team discovered a buffer 
overflow\nin pam_env, a PAM module to set environment variables through the PAM\nstack, which allowed the execution of arbitrary code. An additional\nissue in argument parsing allows denial of service.\n\nThe oldstable distribution (lenny) is not affected.", "edition": 16, "published": "2011-10-25T00:00:00", "title": "Debian DSA-2326-1 : pam - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3148"], "modified": "2011-10-25T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:pam"], "id": "DEBIAN_DSA-2326.NASL", "href": "https://www.tenable.com/plugins/nessus/56622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2326. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56622);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\");\n script_xref(name:\"DSA\", value:\"2326\");\n\n script_name(english:\"Debian DSA-2326-1 : pam - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook of the ChromeOS security team discovered a buffer overflow\nin pam_env, a PAM module to set environment variables through the PAM\nstack, which allowed the execution of arbitrary code. 
An additional\nissue in argument parsing allows denial of service.\n\nThe oldstable distribution (lenny) is not affected.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/pam\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2326\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pam packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.1-6.1+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libpam-cracklib\", reference:\"1.1.1-6.1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpam-doc\", reference:\"1.1.1-6.1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpam-modules\", reference:\"1.1.1-6.1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpam-runtime\", reference:\"1.1.1-6.1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpam0g\", reference:\"1.1.1-6.1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpam0g-dev\", reference:\"1.1.1-6.1+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:33:00", "description": "The pam_env module is vulnerable to a stack overflow (CVE-2011-3148)\nand a DoS condition (CVE-2011-3149) when parsing users\n.pam_environment files. Additionally a missing return value check\ninside pam_xauth has been fixed. 
(CVE-2010-3316)", "edition": 22, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : pam (ZYPP Patch Number 7814)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2010-3316", "CVE-2011-3148"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PAM-7814.NASL", "href": "https://www.tenable.com/plugins/nessus/57239", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57239);\n script_version (\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2011-3148\", \"CVE-2011-3149\");\n\n script_name(english:\"SuSE 10 Security Update : pam (ZYPP Patch Number 7814)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The pam_env module is vulnerable to a stack overflow (CVE-2011-3148)\nand a DoS condition (CVE-2011-3149) when parsing users\n.pam_environment files. Additionally a missing return value check\ninside pam_xauth has been fixed. 
(CVE-2010-3316)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3148.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3149.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7814.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"pam-0.99.6.3-28.25.4\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:4, reference:\"pam-devel-0.99.6.3-28.25.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"pam-32bit-0.99.6.3-28.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pam-0.99.6.3-28.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pam-devel-0.99.6.3-28.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"pam-32bit-0.99.6.3-28.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"pam-devel-32bit-0.99.6.3-28.25.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:36:48", "description": "Kees Cook discovered that the PAM pam_env module incorrectly handled\ncertain malformed environment files. A local attacker could use this\nflaw to cause a denial of service, or possibly gain privileges. The\ndefault compiler options for affected releases should reduce the\nvulnerability to a denial of service. (CVE-2011-3148)\n\nKees Cook discovered that the PAM pam_env module incorrectly handled\nvariable expansion. A local attacker could use this flaw to cause a\ndenial of service. (CVE-2011-3149)\n\nStephane Chazelas discovered that the PAM pam_motd module incorrectly\ncleaned the environment during execution of the motd scripts. In\ncertain environments, a local attacker could use this to execute\narbitrary code as root, and gain privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-10-25T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : pam vulnerabilities (USN-1237-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2011-3628", "CVE-2011-3148"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libpam-modules", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1237-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56629);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3148\", \"CVE-2011-3149\", \"CVE-2011-3628\");\n script_xref(name:\"USN\", value:\"1237-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : pam vulnerabilities (USN-1237-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered that the PAM pam_env module incorrectly handled\ncertain malformed environment files. A local attacker could use this\nflaw to cause a denial of service, or possibly gain privileges. 
The\ndefault compiler options for affected releases should reduce the\nvulnerability to a denial of service. (CVE-2011-3148)\n\nKees Cook discovered that the PAM pam_env module incorrectly handled\nvariable expansion. A local attacker could use this flaw to cause a\ndenial of service. (CVE-2011-3149)\n\nStephane Chazelas discovered that the PAM pam_motd module incorrectly\ncleaned the environment during execution of the motd scripts. In\ncertain environments, a local attacker could use this to execute\narbitrary code as root, and gain privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1237-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpam-modules package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpam-modules\", pkgver:\"0.99.7.1-5ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpam-modules\", pkgver:\"1.1.1-2ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpam-modules\", pkgver:\"1.1.1-4ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libpam-modules\", pkgver:\"1.1.2-2ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libpam-modules\", pkgver:\"1.1.3-2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpam-modules\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:01:11", "description": "The pam_env module is vulnerable to a stack overflow (CVE-2011-3148)\nand a DoS condition (CVE-2011-3149) when parsing users\n.pam_environment files. Additionally a missing return value check\ninside pam_xauth has been fixed. 
(CVE-2010-3316)", "edition": 22, "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : pam (SAT Patch Number 5342)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3149", "CVE-2010-3316", "CVE-2011-3148"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:pam-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:pam", "p-cpe:/a:novell:suse_linux:11:pam-doc"], "id": "SUSE_11_PAM-111025.NASL", "href": "https://www.tenable.com/plugins/nessus/57126", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57126);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2010-3316\", \"CVE-2011-3148\", \"CVE-2011-3149\");\n\n script_name(english:\"SuSE 11.1 Security Update : pam (SAT Patch Number 5342)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The pam_env module is vulnerable to a stack overflow (CVE-2011-3148)\nand a DoS condition (CVE-2011-3149) when parsing users\n.pam_environment files. Additionally a missing return value check\ninside pam_xauth has been fixed. 
(CVE-2010-3316)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=631802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3148.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3149.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5342.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"pam-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"pam-doc-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pam-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pam-32bit-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pam-doc-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"pam-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"pam-doc-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"pam-32bit-1.0.4-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"pam-32bit-1.0.4-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:12", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149", "CVE-2011-3628", 
"CVE-2011-3148"], "description": "Kees Cook discovered that the PAM pam_env module incorrectly handled \ncertain malformed environment files. A local attacker could use this flaw \nto cause a denial of service, or possibly gain privileges. The default \ncompiler options for affected releases should reduce the vulnerability to a \ndenial of service. (CVE-2011-3148)\n\nKees Cook discovered that the PAM pam_env module incorrectly handled \nvariable expansion. A local attacker could use this flaw to cause a denial \nof service. (CVE-2011-3149)\n\nStephane Chazelas discovered that the PAM pam_motd module incorrectly \ncleaned the environment during execution of the motd scripts. In certain \nenvironments, a local attacker could use this to execute arbitrary code \nas root, and gain privileges.", "edition": 5, "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "USN-1237-1", "href": "https://ubuntu.com/security/notices/USN-1237-1", "title": "PAM vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149"], "description": "PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. ", "modified": "2011-12-04T02:23:38", "published": "2011-12-04T02:23:38", "id": "FEDORA:AFACE21569", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: pam-1.1.5-1.fc16", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3149"], "description": "PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. 
", "modified": "2011-12-10T20:05:01", "published": "2011-12-10T20:05:01", "id": "FEDORA:4CFA621077", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: pam-1.1.5-1.fc15", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4706", "CVE-2011-3149", "CVE-2010-4707", "CVE-2010-3316", "CVE-2010-3430", "CVE-2011-3148", "CVE-2010-4708", "CVE-2010-3431", "CVE-2010-3435", "CVE-2010-3853"], "description": "### Background\n\nLinux-PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Linux-PAM. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could use specially crafted files to cause a buffer overflow, possibly resulting in privilege escalation or Denial of Service. Furthermore, a local attacker could execute specially crafted programs or symlink attacks, possibly resulting in data loss or disclosure of sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Linux-PAM users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/pam-1.1.5\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 25, 2011. It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "GLSA-201206-31", "href": "https://security.gentoo.org/glsa/201206-31", "type": "gentoo", "title": "Linux-PAM: Multiple vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}