Stack-based Buffer Overflow in Linux-PAM by Linux
CVE-2011-3148

Currently unrated

Key Information:

Vendor: Linux-pam

CVE Published: 22 July 2012

What is CVE-2011-3148?

CVE-2011-3148 is a stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM. A local user can trigger it by placing a long string of white spaces in the ~/.pam_environment file, which causes a denial of service and may allow execution of arbitrary code. The issue affects Linux-PAM versions prior to 1.1.5 and poses a significant risk to systems that use this authentication module.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
