PT-2011-5205 · CVE-2011-3148
Tags: Linux Pam, Kees
Published: 1970-01-01 · Updated: 2024-06-15
CVSS v2.0: 4.6 (Medium), vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
openSUSE pam versions prior to 1.1.5
SUSE Linux Enterprise pam versions prior to 1.1.5
Debian GNU/Linux pam versions prior to 1.1.5
openSUSE pam-32bit versions prior to 1.1.5
SUSE Linux Enterprise pam-32bit versions prior to 1.1.5
openSUSE pam-devel versions prior to 1.1.5
SUSE Linux Enterprise pam-devel versions prior to 1.1.5
SUSE Linux Enterprise pam-devel-32bit versions prior to 1.1.5
openSUSE pam-devel-32bit versions prior to 1.1.5
SUSE Linux Enterprise pam-devel-64bit versions prior to 1.1.5
Description
The issue covers multiple vulnerabilities in the pam package of several Linux distributions, including openSUSE, SUSE Linux Enterprise, and Debian GNU/Linux. They are exploitable locally and can compromise the confidentiality, integrity, and availability of protected information. The specific defect is a stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM before version 1.1.5, which allows local users to cause a denial of service and possibly execute arbitrary code via a long run of whitespace at the beginning of the ~/.pam_environment file.
Recommendations
For openSUSE pam versions prior to 1.1.5, update to version 1.1.5 or later.
For SUSE Linux Enterprise pam versions prior to 1.1.5, update to version 1.1.5 or later.
For Debian GNU/Linux pam versions prior to 1.1.5, update to version 1.1.5 or later.
For openSUSE pam-32bit versions prior to 1.1.5, update to version 1.1.5 or later.
For SUSE Linux Enterprise pam-32bit versions prior to 1.1.5, update to version 1.1.5 or later.
For openSUSE pam-devel versions prior to 1.1.5, update to version 1.1.5 or later.
For SUSE Linux Enterprise pam-devel versions prior to 1.1.5, update to version 1.1.5 or later.
For SUSE Linux Enterprise pam-devel-32bit versions prior to 1.1.5, update to version 1.1.5 or later.
For openSUSE pam-devel-32bit versions prior to 1.1.5, update to version 1.1.5 or later.
For SUSE Linux Enterprise pam-devel-64bit versions prior to 1.1.5, update to version 1.1.5 or later.
As a temporary workaround, consider restricting access to the ~/.pam_environment file to minimize the risk of exploitation.
Tags: Exploit, Fix, DoS, Buffer Overflow
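The update recommendation above can be checked mechanically. The script below is an added example, not code from this advisory or from the Linux-PAM project: it compares an installed pam version against the fixed release 1.1.5 and notes whether a ~/.pam_environment file exists for the current account; the package names it queries (pam via rpm, libpam0g via dpkg) are assumptions about the target distribution.

```shell
#!/bin/sh
# Added example (not from the advisory or Linux-PAM): flag a pam install below
# the fixed release 1.1.5 (CVE-2011-3148) and note whether ~/.pam_environment,
# the file pam_env parses, exists. Package names pam/libpam0g are assumptions.
FIXED_PAM_VERSION="1.1.5"
# version_lt A B: succeed when dotted version A is older than B
# (numeric per component, missing components count as 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}
# pam_vulnerable VERSION: succeed when VERSION is below the fixed release.
pam_vulnerable() {
    version_lt "$1" "$FIXED_PAM_VERSION"
}
# installed_pam_version: upstream version from rpm or dpkg (Debian revision
# such as "-7.1" stripped); prints nothing when the package is not found.
installed_pam_version() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q pam >/dev/null 2>&1 && rpm -q --qf '%{VERSION}\n' pam
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' libpam0g 2>/dev/null | sed 's/-.*//'
    fi
}
# report: print the status of the host this runs on.
report() {
    v=$(installed_pam_version || true)
    if [ -z "$v" ]; then
        echo "pam version unknown (no rpm/dpkg package found)"
    elif pam_vulnerable "$v"; then
        echo "pam $v < $FIXED_PAM_VERSION: affected by CVE-2011-3148, update the package"
    else
        echo "pam $v >= $FIXED_PAM_VERSION: not affected"
    fi
    if [ -f "$HOME/.pam_environment" ]; then
        echo "note: $HOME/.pam_environment exists and is parsed by pam_env at login"
    fi
}

report
```

Run it as the account being audited, since the ~/.pam_environment check looks at that user's home directory.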
Affected Products
CentOS
Debian
Red Hat
SUSE Linux Enterprise
openSUSE
PAM