Wind River Support Network

Description

A vulnerability has been discovered in the PAM library (aka Linux-PAM) on Linux/Unix systems. It allows a malicious user to remotely perform harmful actions on a vulnerable system.

Technical context :
"PAM" (Pluggable Authentication Module) is an authentication modular system for UNIX systems.

Technical information :
This vulnerability is due to an error in "_unix_run_helper_binary" function of "pam_userdb" module which can not process passwords greater than 65536 characters. It allows a remote attacker, through sending a password greater than 65536 characters, to get the username list or to cause a partial denial of service.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3238

Workaround

None

Steps to Reproduce

None

Other Downloads

• Wind River Linux 7.0.0.14
• Wind River Linux 7.0.0.15
• Wind River Linux 7.0.0.16
• Wind River Linux 7.0.0.17
• Wind River Linux 7.0.0.18
• Wind River Linux 7.0.0.19
• Wind River Linux 7.0.0.20
• Wind River Linux 7.0.0.21
• Wind River Linux 7.0.0.22
• Wind River Linux 7.0.0.23
• Wind River Linux 7.0.0.24
• Wind River Linux 7.0.0.25
• Wind River Linux 7.0.0.26
• Wind River Linux 7.0.0.27
• Wind River Linux 7.0.0.28
• Wind River Linux 7.0.0.29
• Wind River Linux 7.0.0.30
• Wind River Linux 7.0.0.31

CVEs

• CVE-2015-3238