CVE-2011-3148

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

Details Source

Mitre

Public Date

2011-10-24 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-3148 pam (pam_env): Stack-based buffer overflow by parsing user's pam_environment file

Bugzilla ID

746619

CVSS Status

verified

Base Score

3.70

Base Metrics

AV:L/AC:H/Au:N/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank Kees Cook of Google ChromeOS Team for reporting this issue.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (pam) | RHSA-2013:0521 | 2013-02-20

CWE

CWE-121

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 5 | pam | Not affected
Red Hat Enterprise Linux 4 | pam | Not affected