Download
| Alert*
oval:org.secpod.oval:def:1600264
A stack-based buffer overflow flaw was found in the way the pam_env module parsed users" "~/.pam_environment" files. If an application"s PAM configuration contained "user_readenv=1" , a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. A denial of s ... oval:org.secpod.oval:def:400304 The pam_env module is vulnerable to a stack overflow and a DoS condition when parsing users .pam_environment files. oval:org.secpod.oval:def:202619 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. A stack-based buffer overflow flaw was found in the way the pam_env module parsed users" "~/.pam_environment" files. I ... oval:org.secpod.oval:def:600626 Kees Cook of the ChromeOS security team discovered a buffer overflow in pam_env, a PAM module to set environment variables through the PAM stack, which allowed the execution of arbitrary code. An additional issue in argument parsing allows denial of service. The oldstable distribution is not affect ... oval:org.secpod.oval:def:1500114 Updated pam packages that fix two security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detail ... oval:org.secpod.oval:def:400312 The pam_env module is vulnerable to a stack overflow and a DoS condition when parsing users .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed . oval:org.secpod.oval:def:500991 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. A stack-based buffer overflow flaw was found in the way the pam_env module parsed users" "~/.pam_environment" files. I ... oval:org.secpod.oval:def:205799 The advisory is missing the security advisory description. For more information please visit the reference link |