GLSA Advocate
Posted: Tue May 31, 2016 5:26 am
Post subject: [ GLSA 201605-05 ] Linux-PAM
Gentoo Linux Security Advisory
Title: Linux-PAM: Multiple vulnerabilities (GLSA 201605-05)
Severity: normal
Exploitable: remote
Date: May 31, 2016
Bug(s): #493432, #505604, #553302
ID: 201605-05
Synopsis
Multiple vulnerabilities have been found in Linux-PAM, allowing
remote attackers to bypass the auth process and cause Denial of Service.
Background
Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
the separation of the development of privilege granting software from the
development of secure and appropriate authentication schemes.
Affected Packages
Package: sys-libs/pam
Vulnerable: < 1.2.1
Unaffected: >= 1.2.1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Linux-PAM. Please
review the CVE identifiers referenced below for details.
Impact
Remote attackers could cause Denial of Service, conduct brute force
attacks, and conduct username enumeration.
Workaround
There is no known workaround at this time.
Resolution
All Linux-PAM users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/pam-1.2.1"
References
CVE-2013-7041
CVE-2014-2583
CVE-2015-3238