Wind River Support Network

Fixed

LIN6-10124 : Security Advisory - Linux-Pam - CVE-2015-3238

Created: Jul 13, 2015    Updated: Dec 3, 2018
Resolved Date: Jul 13, 2015
Previous ID: LIN4-32869
Found In Version: 6.0.0.20
Fix Version: 6.0.0.23
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel

Description

A vulnerability has been discovered in the PAM library (aka Linux-PAM) on Linux/Unix systems. It allows a malicious user to remotely perform harmful actions on a vulnerable system.

Technical context:
"PAM" (Pluggable Authentication Modules) is a modular authentication system for UNIX systems.

Technical information:
This vulnerability is due to an error in the "_unix_run_helper_binary" function of the "pam_userdb" module, which cannot process passwords longer than 65536 characters. By sending a password longer than 65536 characters, a remote attacker can obtain the username list or cause a partial denial of service.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3238

Workaround

None

Steps to Reproduce

None
