ALAS-2013-160 ---- pamID: oval:org.secpod.oval:def:1600264 | Date: (C)2016-05-19 (M)2023-11-09 |
Class: PATCH | Family: unix |
A stack-based buffer overflow flaw was found in the way the pam_env module parsed users" "~/.pam_environment" files. If an application"s PAM configuration contained "user_readenv=1" , a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application"s PAM configuration contained "user_readenv=1" , a local attacker could use this flaw to cause the application to enter an infinite loop
Platform: |
Amazon Linux AMI |