CVE-2015-3238

Published: 24 August 2015

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: pam (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Released (1.1.8-3.2)
Ubuntu 16.04 ESM (Xenial Xerus)    Released (1.1.8-3.2ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr)     Released (1.1.8-1ubuntu2.1)

Patches:
Upstream: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=e89d4c97385ff8180e6e81e84c5aa745daf28a79