CVE-2011-3148

Publication date 24 October 2011

Last updated 24 July 2024

Ubuntu priority

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
pam	11.10 oneiric	Fixed 1.1.3-2ubuntu2.1
	11.04 natty	Fixed 1.1.2-2ubuntu8.4
	10.10 maverick	Fixed 1.1.1-4ubuntu2.4
	10.04 LTS lucid	Fixed 1.1.1-2ubuntu5.4
	8.04 LTS hardy	Fixed 0.99.7.1-5ubuntu6.5

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1237-1
PAM vulnerabilities
24 October 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-3148