CVE-2011-3148 - Vulnerability Details

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux-pam	Linux-pam
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:linux-pam:linux-pam::::::::
	cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.2:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.3:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.4:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.1.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.1.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.1.2:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.1.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
pam-0:1.1.1-13.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0521	2013-02-20T00:00:00Z

References

Link	Providers
http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d
http://secunia.com/advisories/46583
http://secunia.com/advisories/49711
http://security.gentoo.org/glsa/glsa-201206-31.xml
http://www.ubuntu.com/usn/USN-1237-1
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
https://nvd.nist.gov/vuln/detail/CVE-2011-3148
https://www.cve.org/CVERecord?id=CVE-2011-3148

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-07-22T17:00:00

Updated: 2024-08-06T23:22:27.612Z

Reserved: 2011-08-16T00:00:00

Link: CVE-2011-3148

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-07-22T17:55:01.057

Modified: 2024-11-21T01:29:50.770

Link: CVE-2011-3148

Redhat

Severity : Moderate

Publid Date: 2011-10-24T00:00:00Z

Links: CVE-2011-3148 - Bugzilla

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object