QwikSec

Security Database

CVE

CWE

Training

CVE-2011-3149

Published: Jul 22, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565

x_refsource_CONFIRM

http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.