The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LLinux Pam
APPLinux-Pam≤ 1.1.8Oracle Sparc Opl Service Processor
APPOracle≤ 1121
Related vulnerabilities
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. Th...
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing...
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 bef...
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home d...
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger t...