Vulnerabilities > Linux PAM

DATE CVE VULNERABILITY TITLE RISK
2020-12-18 CVE-2020-27780 Improper Authentication vulnerability in Linux-Pam 1.5.0
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users.
network
low complexity
linux-pam CWE-287
critical
10.0
2015-08-24 CVE-2015-3238 Information Exposure vulnerability in multiple products
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
5.8
2014-04-10 CVE-2014-2583 Path Traversal vulnerability in Linux-Pam 1.1.8
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a ..
network
linux-pam CWE-22
5.8
2012-07-22 CVE-2011-3149 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux-Pam
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
local
low complexity
linux-pam CWE-119
2.1
2012-07-22 CVE-2011-3148 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux-Pam
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
local
low complexity
linux-pam CWE-119
4.6
2011-01-24 CVE-2010-4708 Unspecified vulnerability in Linux-Pam
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
local
low complexity
linux-pam
7.2
2011-01-24 CVE-2010-4707 Resource Management Errors vulnerability in Linux-Pam
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
local
low complexity
linux-pam CWE-399
4.9
2011-01-24 CVE-2010-4706 Denial of Service and Security Bypass vulnerability in Linux-PAM 'pam_xauth' Module
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.
local
low complexity
linux-pam
4.9
2011-01-24 CVE-2010-3853 Unspecified vulnerability in Linux-Pam
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
local
linux-pam
6.9
2011-01-24 CVE-2010-3435 Unspecified vulnerability in Linux-Pam
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.
local
linux-pam
4.7