Your submission was sent successfully! Close

CVE-2011-3149

Published: 24 October 2011

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

Priority

Medium

Status

Package Release Status
pam
Launchpad, Ubuntu, Debian
hardy
Released (0.99.7.1-5ubuntu6.5)
lucid
Released (1.1.1-2ubuntu5.4)
maverick
Released (1.1.1-4ubuntu2.4)
natty
Released (1.1.2-2ubuntu8.4)
oneiric
Released (1.1.3-2ubuntu2.1)
upstream Needs triage