Your submission was sent successfully! Close

CVE-2011-3148

Published: 24 October 2011

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

Priority

Medium

Status

Package Release Status
pam
Launchpad, Ubuntu, Debian
hardy
Released (0.99.7.1-5ubuntu6.5)
lucid
Released (1.1.1-2ubuntu5.4)
maverick
Released (1.1.1-4ubuntu2.4)
natty
Released (1.1.2-2ubuntu8.4)
oneiric
Released (1.1.3-2ubuntu2.1)
upstream Needs triage