Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary function of PAM"s unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system. Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs for reporting this issue. All pam users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.