Posted: Mon Jun 25, 2012 10:26 pm Post subject: [ GLSA 201206-31 ] Linux-PAM: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Linux-PAM: Multiple vulnerabilities (GLSA 201206-31)
Date: June 25, 2012
Bug(s): #343399, #386273, #388431
Multiple vulnerabilities have been found in Linux-PAM, allowing
local attackers to possibly gain escalated privileges, cause a Denial of
Service, corrupt data, or obtain sensitive information.
Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
the separation of the development of privilege granting software from the
development of secure and appropriate authentication schemes.
Vulnerable: < 1.1.5
Unaffected: >= 1.1.5
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in Linux-PAM. Please
review the CVE identifiers referenced below for details.
A local attacker could use specially crafted files to cause a buffer
overflow, possibly resulting in privilege escalation or Denial of
Service. Furthermore, a local attacker could execute specially crafted
programs or symlink attacks, possibly resulting in data loss or
disclosure of sensitive information.
There is no known workaround at this time.
All Linux-PAM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/pam-1.1.5"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 25, 2011. It is likely that your system is
already no longer affected by this issue.