CVE-2015-3238

Published: 24 August 2015

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: pam (Launchpad, Ubuntu, Debian)

Release: Status
precise: Released (1.1.3-7ubuntu2.1)
trusty: Released (1.1.8-1ubuntu2.1)
upstream: Released (1.1.8-3.2)
utopic: Ignored (reached end-of-life)
vivid: Ignored (reached end-of-life)
wily: Released (1.1.8-3.1ubuntu3.1)
xenial: Released (1.1.8-3.2ubuntu2)
yakkety: Released (1.1.8-3.2ubuntu2)
zesty: Released (1.1.8-3.2ubuntu2)

Patches:
upstream: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=e89d4c97385ff8180e6e81e84c5aa745daf28a79