Описание
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
Отчет
This issue did not affect the versions of pam package as shipped with Red Hat Enterprise Linux 4 and 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | pam | Not affected | ||
| Red Hat Enterprise Linux 5 | pam | Not affected | ||
| Red Hat Enterprise Linux 6 | pam | Fixed | RHSA-2013:0521 | 20.02.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
1.2 Low
CVSS2
Связанные уязвимости
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
The _expand_arg function in the pam_env module (modules/pam_env/pam_en ...
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
ELSA-2013-0521: pam security, bug fix, and enhancement update (MODERATE)
EPSS
1.2 Low
CVSS2