Environment Variable Overflow in Linux-PAM Affects Local User Security
CVE-2011-3149
Currently unrated
What is CVE-2011-3149?
The _expand_arg function in the pam_env module of Linux-PAM before version 1.1.5 contains a flaw in environment variable expansion. A local user can exploit it to cause excessive CPU consumption, resulting in a denial of service. Keeping Linux-PAM up to date (version 1.1.5 or later) is critical to mitigating this risk.