Wind River Support Network

Fixed

LIN7-4277 : Security Advisory - Linux-Pam - CVE-2015-3238

Created: Jul 13, 2015    Updated: Sep 8, 2018
Resolved Date: Jul 13, 2015
Previous ID: LIN4-32867
Found In Version: 7.0.0.5
Fix Version: 7.0.0.8
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Kernel

Description

A vulnerability has been discovered in the PAM library (aka Linux-PAM) on Linux/Unix systems. It allows a malicious user to remotely perform harmful actions on a vulnerable system.

Technical context:
"PAM" (Pluggable Authentication Module) is a modular authentication system for UNIX systems.

Technical information:
This vulnerability is due to an error in the "_unix_run_helper_binary" function of the "pam_userdb" module, which cannot process passwords greater than 65536 characters. By sending a password greater than 65536 characters, a remote attacker can obtain the username list or cause a partial denial of service.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3238

Workaround

None

Steps to Reproduce

None
