MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2015-3238

CVSS 6.5v3.0pub. 2015-08-24upd. 2026-05-06

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  • Linux Pam

    APP
    Linux-Pam
    ≤ 1.1.8
  • Oracle Sparc Opl Service Processor

    APP
    Oracle
    ≤ 1121
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2022-28321CRITICAL9.8ten sam produkt

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. Th...

CVE-2020-27780CRITICAL9.8ten sam produkt

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing...

CVE-2015-1789HIGH7.5ten sam produkt

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 bef...

CVE-2010-4708HIGH7.2ten sam produkt

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home d...

CVE-2024-10041MEDIUM4.7ten sam produkt

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger t...