CVE-2011-3148

Published: 24 October 2011

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

Priority

Status

Package	Release	Status
pam Launchpad, Ubuntu, Debian	hardy	Released (0.99.7.1-5ubuntu6.5)
	lucid	Released (1.1.1-2ubuntu5.4)
	maverick	Released (1.1.1-4ubuntu2.4)
	natty	Released (1.1.2-2ubuntu8.4)
	oneiric	Released (1.1.3-2ubuntu2.1)
	upstream	Needs triage

References

https://ubuntu.com/security/notices/USN-1237-1
https://www.cve.org/CVERecord?id=CVE-2011-3148
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›