Wind River Support Network


LIN6-10124 : Security Advisory - Linux-Pam - CVE-2015-3238

Created: Jul 13, 2015    Updated: Dec 3, 2018
Resolved Date: Jul 13, 2015
Previous ID: LIN4-32869
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel


A vulnerability has been discovered in the PAM library (aka Linux-PAM) on Linux/Unix systems. It allows a malicious user to remotely perform harmful actions on a vulnerable system.

Technical context:
"PAM" (Pluggable Authentication Module) is a modular authentication system for UNIX systems.

Technical information:
This vulnerability is due to an error in the "_unix_run_helper_binary" function of the "pam_userdb" module, which cannot process passwords greater than 65536 characters. By sending a password greater than 65536 characters, a remote attacker can obtain the username list or cause a partial denial of service.
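
A caller-side guard against this failure mode, as an added example that is not Wind River or Linux-PAM code. It assumes the password is handed to a helper process over a pipe; send_secret and the 512-byte MAX_SECRET_BYTES cap are hypothetical, and the inputs in main are constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed cap (terminator included), not a value from the advisory.
 * POSIX guarantees PIPE_BUF >= 512, so a non-blocking pipe write of this
 * size either completes in full or fails with EAGAIN. */
#define MAX_SECRET_BYTES 512

/* Hypothetical helper: pass a NUL-terminated secret to a helper via fd
 * without ever blocking. Returns 0 on success, -1 with errno set:
 * EMSGSIZE when the secret exceeds the cap, EAGAIN when the pipe is full. */
int send_secret(int fd, const char *secret)
{
    /* Search for the terminator inside the cap only. */
    const char *nul = memchr(secret, '\0', MAX_SECRET_BYTES);
    if (nul == NULL) {
        errno = EMSGSIZE;
        return -1;
    }
    size_t len = (size_t)(nul - secret) + 1;    /* include the NUL */

    int flags = fcntl(fd, F_GETFL);
    if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
        return -1;
    ssize_t n = write(fd, secret, len);
    int saved = errno;
    fcntl(fd, F_SETFL, flags);                  /* restore caller's flags */
    if (n != (ssize_t)len) {
        errno = (n == -1) ? saved : EIO;
        return -1;
    }
    return 0;
}

int main(void)
{
    static char big[70001];                     /* constructed oversize input */
    int p[2];
    if (pipe(p) != 0)
        return 1;
    memset(big, 'A', sizeof big - 1);
    printf("short: %d\n", send_secret(p[1], "hunter2"));
    int rc = send_secret(p[1], big);
    printf("oversize: %d (%s)\n", rc, strerror(errno));
    return 0;
}
```

Rejecting the oversize input before any write means the caller cannot stall on a full pipe, and the helper never sees a truncated secret.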



Steps to Reproduce

