CVE-2011-3149

Publication date 24 October 2011

Last updated 24 July 2024


Ubuntu priority

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

Status

Package Ubuntu Release Status
pam 11.10 oneiric
Fixed 1.1.3-2ubuntu2.1
11.04 natty
Fixed 1.1.2-2ubuntu8.4
10.10 maverick
Fixed 1.1.1-4ubuntu2.4
10.04 LTS lucid
Fixed 1.1.1-2ubuntu5.4
8.04 LTS hardy
Fixed 0.99.7.1-5ubuntu6.5

References

Related Ubuntu Security Notices (USN)

Other references